Jump to content

Automatic Updates Vires

Wrongulator
 Share

Recommended Posts

Wrongulator

Wrongulator

Posted
Posted

I have had this problem before recently (albeit of a more lethal form).

The particular virus's main effect is to switch off Windows Firewall and Automatic Updates. It does not allow a System Restore. This virus is particularly tenacious when it comes to removing.

I am unable to run the GMER Rootkit Scanner because this always cause the computer to spectacularly crash and recover from "a serious error" in which it has to dump memory.

Here are requested logs:-

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7546

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

23/08/2011 11:00:28 AM

mbam-log-2011-08-23 (11-00-28).txt

Scan type: Quick scan

Objects scanned: 206180

Time elapsed: 16 minute(s), 29 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

c:\documents and settings\everyone else\local settings\application data\htl.exe (Trojan.FakeAlert) -> 1088 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1213316075 (Trojan.FakeAlert) -> Value: 1213316075 -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\everyone else\local settings\application data\htl.exe (Trojan.FakeAlert) -> Delete on reboot.

c:\documents and settings\everyone else\local settings\temp\0.8187281440886258.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Everyone Else at 3:09:10 on 2011-08-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.502.102 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

svchost.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe

C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Documents and Settings\Everyone Else\Desktop\Defogger.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 4\Suo10_SmartRAM.exe" /m

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175715926328

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{CDE026FF-8337-41F3-A59A-1E5CDFE7AAE8} : DhcpNameServer = 192.168.1.254 192.168.1.254

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\everyone else\application data\mozilla\firefox\profiles\se7t3lqv.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 3:11:34.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 14/05/2006 3:06:09 PM

System Uptime: 23/08/2011 11:46:46 PM (4 hours ago)

.

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 2.223 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 298 GiB total, 76.002 GiB free.

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1545: 07/08/2011 11:34:08 PM - System Checkpoint

RP1546: 10/08/2011 6:07:32 PM - System Checkpoint

RP1547: 11/08/2011 3:27:12 AM - Software Distribution Service 3.0

RP1548: 11/08/2011 4:19:01 AM - Software Distribution Service 3.0

RP1549: 12/08/2011 10:53:41 AM - System Checkpoint

RP1550: 13/08/2011 11:06:03 AM - System Checkpoint

RP1551: 14/08/2011 11:54:52 PM - System Checkpoint

RP1552: 16/08/2011 12:49:09 AM - System Checkpoint

RP1553: 17/08/2011 1:26:24 AM - System Checkpoint

RP1554: 19/08/2011 10:28:50 AM - System Checkpoint

RP1555: 20/08/2011 2:56:52 PM - System Checkpoint

RP1556: 22/08/2011 12:01:13 AM - System Checkpoint

RP1557: 23/08/2011 5:35:39 PM - System Checkpoint

.

==== Installed Programs ======================

.

Leawo AVI Converter version 3.1.0.0

AC3Filter 1.63b

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Advanced SystemCare 4

µTorrent

AVG Free 9.0

Brother MFL-Pro Suite

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell System Restore

DellSupport

DivX Setup

Encyclopædia Britannica Deluxe Edition

Free DivX Converter 1.2.17

Free M4a to MP3 Converter 6.1

FreeFixer

GPL MPEG-1/2 DirectShow Decoder Filter

High Definition Audio Driver Package - KB835221

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImageMixer VCD2

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

IObit Malware Fighter

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

K-Lite Codec Pack 6.5.0 (Basic)

Learn2 Player (Uninstall Only)

Macromedia HomeSite+

Malwarebytes' Anti-Malware version 1.51.1.1800

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Premium

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

Mozilla Firefox (3.5.3)

Mozilla Firefox 6.0 (x86 en-GB)

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PaperPort

Photo! Editor 1.1

Picture Package

Protected Folder

QuickTime

RealPlayer Basic

Roxio DLA

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype™ 4.2

Sonic Activation Module

Sony USB Driver

Switch Sound File Converter

TopStyle Lite (Version 3.0)

TurboTax 2010

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Veoh Web Player

VLC media player 1.0.3

WebFldrs XP

WinAce Archiver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

22/08/2011 4:43:07 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

19/08/2011 9:33:59 PM, error: Service Control Manager [7034] - The Brother Popup Suspend service for Resource manager service terminated unexpectedly. It has done this 1 time(s).

19/08/2011 9:33:55 PM, error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).

19/08/2011 9:27:29 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).

18/08/2011 8:29:02 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

17/08/2011 2:34:11 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).

17/08/2011 11:53:04 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

17/08/2011 11:49:50 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites
Wrongulator

Wrongulator

Posted
  • Author
Posted

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7600

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

28/08/2011 11:51:58 PM

mbam-log-2011-08-28 (23-51-57).txt

Scan type: Quick scan

Objects scanned: 210296

Time elapsed: 1 hour(s), 57 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-08-28.01 - Everyone Else 29/08/2011 1:59.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.502.279 [GMT -7:00]

Running from: c:\documents and settings\Everyone Else\Desktop\ComboFix.exe

.

/wow section - STAGE 4

.

/wow section - STAGE 6A

.

/wow section - STAGE 33

grep: temp2401: No such file or directory

The system cannot execute the specified program.

.

ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat

to: http://www.bleepingcomputer.com/submit-malware.php?channel=4

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Temp\scsE.tmp

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

Infected copy of c:\windows\system32\user32.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\user32.dll

.

Infected copy of c:\windows\system32\lsass.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\lsass.exe

.

Infected copy of c:\windows\system32\ws2help.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\ws2help.dll

.

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\ws2_32.dll

.

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\kbdclass.sys

.

Infected copy of c:\windows\system32\usp10.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\usp10.dll

.

Infected copy of c:\windows\system32\msimg32.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\msimg32.dll

.

Infected copy of c:\windows\Winlogon.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

.

c:\windows\explorer.exe . . . is infected!!

.

Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

.

Infected copy of c:\windows\system32\lpk.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\lpk.dll

.

Infected copy of c:\windows\system32\comres.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\comres.dll

.

Infected copy of c:\windows\system32\mfc40u.dll was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

.

Infected copy of c:\windows\system32\svchost.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\svchost.exe

.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.

Infected copy of c:\windows\system32\uxtheme.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\uxtheme.dll

.

Infected copy of c:\program files\internet explorer\iexplore.exe was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe

.

Infected copy of c:\windows\system32\midimap.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\midimap.dll

.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe

.

Infected copy of c:\windows\system32\comctl32.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\comctl32.dll

.

c:\windows\system32\debug.exe . . . is infected!!

.

Infected copy of c:\windows\system32\drivers\acpiec.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\acpiec.sys

.

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\ndis.sys

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))

.

.

No new files created in this timespan

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\mswsock.dll ... is infected !!

.

c:\windows\system32\svchost.exe ... Infected -- Win32.Qhost !!

-c----w- 14,336 2004-08-04 10:00 c:\windows\$NtServicePackUninstall$\svchost.exe

----a-w- 14,336 2008-04-14 00:12 c:\windows\ERDNT\cache\svchost.exe

----a-w- 22,096 2011-08-29 08:45 c:\windows\Prefetch\SVCHOST.EXE-2D5FBD18.pf

------w- 14,336 2008-04-14 00:12 c:\windows\ServicePackFiles\i386\svchost.exe

----a-w- 14,336 2008-04-14 00:12 c:\windows\system32\svchost.exe

.

Entries: 5 (5)

Directories: 0 Files: 5

Bytes: 79,440 Blocks: 156

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]

"SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-05-28 512400]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-29 98304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA&inst=NwA3AC0AMwA4ADcANAAyADAANAA5ADMALQBUADIAMAAtAFUAOAA1ACsAMQAtAEIAQQArADEALQBLAFYAMwArADcALQBYAEwAKwAxAC0ARgBQADkAMgArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADIANQA5ADIAOAAtAFMAVAA5ADAARgBBAFAAUAArADEALQBEAEQAOQAwAEYAKwAxAA∏=90&ver=9.0.894" [?]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

.

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]

.

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]

.

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-29 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-06 21:46]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

FF - ProfilePath - c:\documents and settings\Everyone Else\Application Data\Mozilla\Firefox\Profiles\se7t3lqv.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-29 02:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,7d,33,ea,23,7e,39,44,98,a7,7c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,7d,33,ea,23,7e,39,44,98,a7,7c,\

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\brss01a.exe

c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe

c:\program files\IObit\Advanced SystemCare 4\ASCService.exe

c:\windows\system32\Brmfrmps.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2011-08-29 02:31:30 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-29 09:31

ComboFix2.txt 2011-08-05 13:03

ComboFix3.txt 2010-03-29 07:46

.

Pre-Run: 5,336,641,536 bytes free

Post-Run: 5,449,437,184 bytes free

.

- - End Of File - - E39BB81844D8C1B375BD67E1F495C658

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Everyone Else at 2:34:07 on 2011-08-29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.502.145 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

svchost.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe

C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 4\Suo10_SmartRAM.exe" /m

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA"&"inst=NwA3AC0AMwA4ADcANAAyADAANAA5ADMALQBUADIAMAAtAFUAOAA1ACsAMQAtAEIAQQArADEALQBLAFYAMwArADcALQBYAEwAKwAxAC0ARgBQADkAMgArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADIANQA5ADIAOAAtAFMAVAA5ADAARgBBAFAAUAArADEALQBEAEQAOQAwAEYAKwAxAA"&"prod=90"&"ver=9.0.894

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175715926328

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{CDE026FF-8337-41F3-A59A-1E5CDFE7AAE8} : DhcpNameServer = 192.168.1.254 192.168.1.254

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\everyone else\application data\mozilla\firefox\profiles\se7t3lqv.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 2:35:31.17 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 14/05/2006 3:06:09 PM

System Uptime: 29/08/2011 2:20:46 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 5.132 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 298 GiB total, 80.646 GiB free.

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1545: 07/08/2011 11:34:08 PM - System Checkpoint

RP1546: 10/08/2011 6:07:32 PM - System Checkpoint

RP1547: 11/08/2011 3:27:12 AM - Software Distribution Service 3.0

RP1548: 11/08/2011 4:19:01 AM - Software Distribution Service 3.0

RP1549: 12/08/2011 10:53:41 AM - System Checkpoint

RP1550: 13/08/2011 11:06:03 AM - System Checkpoint

RP1551: 14/08/2011 11:54:52 PM - System Checkpoint

RP1552: 16/08/2011 12:49:09 AM - System Checkpoint

RP1553: 17/08/2011 1:26:24 AM - System Checkpoint

RP1554: 19/08/2011 10:28:50 AM - System Checkpoint

RP1555: 20/08/2011 2:56:52 PM - System Checkpoint

RP1556: 22/08/2011 12:01:13 AM - System Checkpoint

RP1557: 23/08/2011 5:35:39 PM - System Checkpoint

RP1558: 24/08/2011 6:02:24 PM - System Checkpoint

RP1559: 27/08/2011 4:32:55 PM - System Checkpoint

RP1560: 28/08/2011 5:20:46 PM - System Checkpoint

RP1561: 29/08/2011 1:19:59 AM - IObit Uninstaller restore point

RP1562: 29/08/2011 1:26:01 AM - Removed AVG Free 9.0

RP1563: 29/08/2011 1:41:06 AM - Installed AVG Free 9.0

.

==== Installed Programs ======================

.

Leawo AVI Converter version 3.1.0.0

AC3Filter 1.63b

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Advanced SystemCare 4

µTorrent

Brother MFL-Pro Suite

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell System Restore

DellSupport

DivX Setup

Encyclopædia Britannica Deluxe Edition

Free DivX Converter 1.2.17

Free M4a to MP3 Converter 6.1

FreeFixer

GPL MPEG-1/2 DirectShow Decoder Filter

High Definition Audio Driver Package - KB835221

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImageMixer VCD2

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

IObit Malware Fighter

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

K-Lite Codec Pack 6.5.0 (Basic)

Learn2 Player (Uninstall Only)

Macromedia HomeSite+

Malwarebytes' Anti-Malware version 1.51.1.1800

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Premium

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

Mozilla Firefox (3.5.3)

Mozilla Firefox 6.0 (x86 en-GB)

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PaperPort

Photo! Editor 1.1

Picture Package

Protected Folder

QuickTime

RealPlayer Basic

Roxio DLA

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype™ 4.2

Sonic Activation Module

Sony USB Driver

Switch Sound File Converter

TopStyle Lite (Version 3.0)

TurboTax 2010

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Veoh Web Player

VLC media player 1.0.3

WebFldrs XP

WinAce Archiver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

27/08/2011 12:39:14 AM, error: System Error [1003] - Error code 000000d1, parameter1 0000000c, parameter2 00000002, parameter3 00000000, parameter4 aa625a38.

27/08/2011 1:30:27 AM, error: System Error [1003] - Error code 000000d1, parameter1 0000000c, parameter2 00000002, parameter3 00000000, parameter4 aa666a38.

26/08/2011 2:54:43 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

25/08/2011 9:36:25 PM, error: System Error [1003] - Error code 000000d1, parameter1 f6c88858, parameter2 00000002, parameter3 00000001, parameter4 8263eb27.

25/08/2011 12:21:20 PM, error: Service Control Manager [7022] - The AVG Free WatchDog service hung on starting.

24/08/2011 4:14:49 AM, error: System Error [1003] - Error code 000000d1, parameter1 01e8c1bc, parameter2 00000002, parameter3 00000000, parameter4 f8443af2.

24/08/2011 3:48:55 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

24/08/2011 3:47:08 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

23/08/2011 10:24:02 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

23/08/2011 10:20:02 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

22/08/2011 4:43:07 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

22/08/2011 2:40:58 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).

22/08/2011 2:40:58 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.

Link to post
Share on other sites
  • 2 weeks later...
Wrongulator

Wrongulator

Posted
  • Author
Posted

Sorry about the long delay in reply.

After the ComboFix application, it appears that all trace of the virus has been removed. ComboFix did download quite a bunch of Windows files that were either damaged or missing. I also had to remove and reinstall AVG.

While there seem to be no further issues with this virus, what all of this updating now seems to have resulted in is a computer that runs extremely slowly. For example, if I am playing music or a video on Media Player and have a couple of other largeish programs (say Microsoft Word and Firefox) open at the same time, the sound quality on Media player is constantly crackly or the picture keeps skipping, often unless I set Task Manager priority to High. Often when I have the dozen or so programs open that I frequently used to before when working with no problems, this can take some 30 seconds to a minute to switch between windows. Moving a large file of around 100 megs between folders took some 25 minutes when it would take 5 or so before. The mouse movements are often jerky and erratic. Even in typing this, there is a lag of a few seconds before the words that I have just typed will appear. I have tried resetting the computer to the point before this virus infection occurred but it will still not recognise the changes made and insists that none have been made - something that was a facet of this virus.

I will run the suggested Sega.com program and see if that picks up anything. Otherwise any suggestions?

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Please post the log created by ComboFix.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites
  • 4 weeks later...
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.