
Virus Help Needed!



I have a virus on my computer. Trend Micro, my installed virus checker, is non-functional. I cannot run Malwarebytes; it is closed after starting a scan. Files are deleted from the Malwarebytes folder after a failed attempt. The internet is often redirected to strange search sites and is very slow. I have tried running the Avira boot virus scan, and it finds and renames 24 files but never gets rid of the virus. Attached are the two files requested:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19

Run by jspickard at 10:57:43 on 2011-10-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2867 [GMT -4:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {8B5BA475-65C8-4E98-B021-A5CE5F317E64}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Trend Micro Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\220843629:2452739826.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\explorer.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Trend Micro\OfficeScan Client\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.live.com

uWindow Title = Microsoft Internet Explorer provided by Lane Engineering

uStart Page = hxxp://companyweb/default.aspx

uDefault_Page_URL = hxxp://companyweb/default.aspx

mDefault_Page_URL = hxxp://companyweb/default.aspx

uWinlogon: Shell=c:\documents and settings\jspickard.lane\local settings\application data\6dce290d\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [<NO NAME>]

uRun: [VZWSUAM] "c:\documents and settings\jspickard.lane\application data\verizon\sua_ar\VZWSUAM.exe" /boot

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [Popup] "c:\program files\dell sas raid storage manager\megapopup\Popup.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [PrnStatusMX] c:\program files\hewlett-packard\prnstatusmx\PrnStatusMX.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [OE] c:\program files\trend micro\officescan client\tmas_oe\TMAS_OEMon.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.2.11 192.168.1.10

TCP: Interfaces\{B8DD1A4D-A227-4022-BFB8-A065ECF9676B} : DhcpNameServer = 192.168.2.11 192.168.1.10

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jspickard.lane\application data\mozilla\firefox\profiles\zwtz4gyb.default\

FF - prefs.js: browser.startup.homepage - hxxp://companyweb/DEFAULT.ASPX

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-11-2 57424]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-1-15 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-1-15 36624]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-11-2 335376]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-2 41272]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"c:\program files\broadcom\asfipmon\asfipmon.exe" -service --> c:\program files\broadcom\asfipmon\AsfIpMon.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]

S3 TmPfw;OfficeScan NT Firewall;"c:\program files\trend micro\officescan client\tmpfw.exe" --> c:\program files\trend micro\officescan client\TmPfw.exe [?]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;"c:\program files\trend micro\officescan client\tmproxy.exe" --> c:\program files\trend micro\officescan client\TmProxy.exe [?]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.reg=Regedit.Document

.

=============== Created Last 30 ================

.

2011-10-18 14:49:17 -------- d-----w- c:\documents and settings\jspickard.lane\application data\SUPERAntiSpyware.com

2011-10-18 14:46:12 -------- d-----w- c:\program files\TEST

2011-10-17 20:09:24 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-17 20:09:24 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-10-17 16:40:01 -------- d-----w- c:\program files\MSECACHE

2011-10-17 15:21:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-10-17 13:50:38 -------- d-sh--w- c:\documents and settings\jspickard.lane\local settings\application data\6dce290d

2011-10-17 10:56:48 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3bdd604-4a7b-43cb-b9ed-a6a236163f9b}\offreg.dll

2011-10-17 10:56:45 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3bdd604-4a7b-43cb-b9ed-a6a236163f9b}\mpengine.dll

.

==================== Find3M ====================

.

2011-10-18 14:47:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-20 21:29:09 3734917767 ----a-w- c:\program files\AutoCAD_Civil3D_2011.exe

.

============= FINISH: 10:58:18.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/11/2009 10:06:54 AM

System Uptime: 10/18/2011 10:23:22 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0RW199

Processor: Intel® Xeon® CPU E5405 @ 2.00GHz | CPU | 1995/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 229.525 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP684: 7/20/2011 6:58:47 AM - Software Distribution Service 3.0

RP685: 7/21/2011 6:59:20 AM - Software Distribution Service 3.0

RP686: 7/22/2011 6:58:44 AM - Software Distribution Service 3.0

RP687: 7/25/2011 7:40:23 AM - System Checkpoint

RP688: 7/26/2011 6:54:54 AM - Software Distribution Service 3.0

RP689: 7/27/2011 6:54:25 AM - Software Distribution Service 3.0

RP690: 7/28/2011 6:54:44 AM - Software Distribution Service 3.0

RP691: 7/29/2011 6:54:15 AM - Software Distribution Service 3.0

RP692: 8/1/2011 7:03:27 AM - Software Distribution Service 3.0

RP693: 8/2/2011 6:58:34 AM - Software Distribution Service 3.0

RP694: 8/3/2011 7:15:09 AM - System Checkpoint

RP695: 8/4/2011 6:58:14 AM - Software Distribution Service 3.0

RP696: 8/5/2011 6:58:18 AM - Software Distribution Service 3.0

RP697: 8/6/2011 6:58:07 AM - Software Distribution Service 3.0

RP698: 8/7/2011 6:58:04 AM - Software Distribution Service 3.0

RP699: 8/8/2011 6:58:02 AM - Software Distribution Service 3.0

RP700: 8/9/2011 6:58:10 AM - Software Distribution Service 3.0

RP701: 8/10/2011 6:57:50 AM - Software Distribution Service 3.0

RP702: 8/11/2011 6:57:50 AM - Software Distribution Service 3.0

RP703: 8/12/2011 6:58:05 AM - Software Distribution Service 3.0

RP704: 8/13/2011 6:57:37 AM - Software Distribution Service 3.0

RP705: 8/14/2011 7:07:52 AM - System Checkpoint

RP706: 8/15/2011 6:57:56 AM - Software Distribution Service 3.0

RP707: 8/16/2011 6:57:35 AM - Software Distribution Service 3.0

RP708: 8/18/2011 7:05:37 AM - Software Distribution Service 3.0

RP709: 8/19/2011 6:59:33 AM - Software Distribution Service 3.0

RP710: 8/22/2011 6:58:45 AM - Software Distribution Service 3.0

RP711: 8/23/2011 6:53:38 AM - Software Distribution Service 3.0

RP712: 8/24/2011 6:53:13 AM - Software Distribution Service 3.0

RP713: 8/25/2011 6:53:16 AM - Software Distribution Service 3.0

RP714: 8/26/2011 6:53:25 AM - Software Distribution Service 3.0

RP715: 8/29/2011 7:02:35 AM - Software Distribution Service 3.0

RP716: 8/30/2011 6:57:13 AM - Software Distribution Service 3.0

RP717: 8/31/2011 6:57:27 AM - Software Distribution Service 3.0

RP718: 9/1/2011 6:57:11 AM - Software Distribution Service 3.0

RP719: 9/2/2011 6:57:03 AM - Software Distribution Service 3.0

RP720: 9/3/2011 10:45:11 AM - System Checkpoint

RP721: 9/3/2011 2:46:41 PM - Software Distribution Service 3.0

RP722: 9/4/2011 2:46:43 PM - Software Distribution Service 3.0

RP723: 9/5/2011 2:46:42 PM - Software Distribution Service 3.0

RP724: 9/6/2011 2:46:42 PM - Software Distribution Service 3.0

RP725: 9/7/2011 2:46:42 PM - Software Distribution Service 3.0

RP726: 9/8/2011 2:46:51 PM - Software Distribution Service 3.0

RP727: 9/12/2011 6:58:21 AM - Software Distribution Service 3.0

RP728: 9/13/2011 6:52:58 AM - Software Distribution Service 3.0

RP729: 9/14/2011 6:52:55 AM - Software Distribution Service 3.0

RP730: 9/15/2011 6:53:13 AM - Software Distribution Service 3.0

RP731: 9/16/2011 6:53:12 AM - Software Distribution Service 3.0

RP732: 9/19/2011 7:11:50 AM - Software Distribution Service 3.0

RP733: 9/20/2011 2:29:56 PM - Software Distribution Service 3.0

RP734: 9/21/2011 2:29:52 PM - Software Distribution Service 3.0

RP735: 9/22/2011 2:30:03 PM - Software Distribution Service 3.0

RP736: 9/23/2011 2:29:48 PM - Software Distribution Service 3.0

RP737: 9/24/2011 2:29:48 PM - Software Distribution Service 3.0

RP738: 9/25/2011 2:29:45 PM - Software Distribution Service 3.0

RP739: 9/26/2011 2:29:52 PM - Software Distribution Service 3.0

RP740: 9/27/2011 2:29:44 PM - Software Distribution Service 3.0

RP741: 9/28/2011 2:30:00 PM - Software Distribution Service 3.0

RP742: 9/29/2011 2:29:39 PM - Software Distribution Service 3.0

RP743: 10/3/2011 7:01:17 AM - Software Distribution Service 3.0

RP744: 10/4/2011 6:56:42 AM - Software Distribution Service 3.0

RP745: 10/5/2011 6:56:38 AM - Software Distribution Service 3.0

RP746: 10/6/2011 6:56:59 AM - Software Distribution Service 3.0

RP747: 10/7/2011 6:56:47 AM - Software Distribution Service 3.0

RP748: 10/8/2011 6:56:28 AM - Software Distribution Service 3.0

RP749: 10/9/2011 6:56:27 AM - Software Distribution Service 3.0

RP750: 10/10/2011 6:56:50 AM - Software Distribution Service 3.0

RP751: 10/11/2011 6:56:36 AM - Software Distribution Service 3.0

RP752: 10/11/2011 7:36:31 AM - Software Distribution Service 3.0

RP753: 10/12/2011 6:56:46 AM - Software Distribution Service 3.0

RP754: 10/13/2011 6:56:26 AM - Software Distribution Service 3.0

RP755: 10/14/2011 6:56:19 AM - Software Distribution Service 3.0

RP756: 10/15/2011 6:56:15 AM - Software Distribution Service 3.0

RP757: 10/16/2011 6:56:17 AM - Software Distribution Service 3.0

RP758: 10/17/2011 6:56:31 AM - Software Distribution Service 3.0

RP759: 10/17/2011 12:40:14 PM - Installed Windows Installer Clean Up

RP760: 10/17/2011 12:41:02 PM - Installed Windows Installer Clean Up

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.4.6 - CPSID_83708

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Akamai NetSession Interface

AutoCAD 2011 VBA Enabler

AutoCAD Civil 2010 Object Enabler on Autodesk Vault 2010 (Client) - Language Neutral

AutoCAD Civil 2010 Object Enabler on DWG TrueView 2010 - Language Neutral

AutoCAD Civil 3D 2010

AutoCAD Civil 3D 2010 Language Pack - English

AutoCAD Civil 3D 2011

AutoCAD Civil 3D 2011 Language Pack - English

AutoCAD Raster Design 2010 Object Enabler on AutoCAD Civil 3D 2010 - English (United States)

AutoCAD Raster Design 2010 Object Enabler on Autodesk Vault 2010 (Client) - English (United States)

AutoCAD Raster Design 2010 Object Enabler on DWG TrueView 2010 - English (United States)

AutoCAD Raster Design 2011 Object Enabler on AutoCAD Civil 3D 2011 - English

Autodesk Design Review 2011

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

Autodesk Vault 2009 (Client)

Autodesk Vault 2010 (Client)

Autodesk Vault 2010 (Client) English Language Pack

Autodesk Vault 2011 (Client)

Autodesk Vault 2011 (Client) English Language Pack

BillQuick 2009

BillQuick 2009 (Patch Build 10.0.101)

BillQuick 2009 (Patch Build 10.0.95)

Broadcom ASF Management Applications

Broadcom Management Programs

Business Contact Manager for Outlook 2007 SP2

C3D_2009_VE_HF1

Crystal Reports 2008 Runtime SP2

Crystal Reports Basic Runtime for Visual Studio 2008

CUPSS

Dell Backup and Recovery Manager

Dell ETS Factory Installation

Dell SAS RAID Storage Manager

Dell SAS RAID Storage Manager v2.66-00

DWG TrueView 2009

DWG TrueView 2010

DWG TrueView 2011

EBAA Iron - Restaint Length Calculator (Version 6)

EOne Design Assistant 8.1

EPANET 2.0

ePrism

ESRI ArcExplorer 1.1

FARO LS 1.1.406.58

GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 4.5.0.457

HEC-RAS 4.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB968764)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 19

Junk Mail filter update

MFCLOC

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Report Viewer Redistributable 2008

Microsoft Search Enhancement Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual Basic Power Packs 3.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft WSE 3.0 Runtime

Mozilla Firefox (3.6.23)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

NVIDIA Drivers

OGA Notifier 2.0.0048.0

PowerDVD DX

PrimoPDF -- by Nitro PDF Software

QBFC 5.0

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

SAMSUNG USB Driver for Mobile Phones

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978706)

Segoe UI

SimpleOCR 3.1

SUPERAntiSpyware

Trend Micro Client/Server Security Agent

Update for 2007 Microsoft Office System (KB967642)

Update for 2007 Microsoft Office System (KB977724)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Outlook 2007 Junk Email Filter (kb979895)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VBA

VBA (2627.01)

Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)

Verizon Wireless Software Upgrade Assistant - Samsung(ar)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Presentation Foundation

Windows Search 4.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

10/18/2011 10:49:18 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

10/18/2011 10:14:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmtdi

10/18/2011 10:14:22 AM, error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 9:59:41 AM, error: Service Control Manager [7034] - The MRMonitor service terminated unexpectedly. It has done this 1 time(s).

10/17/2011 9:58:24 AM, error: Service Control Manager [7000] - The FLEXnet Licensing Service service failed to start due to the following error: Access is denied.

10/17/2011 9:58:22 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

10/17/2011 9:55:41 AM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

10/17/2011 9:55:39 AM, error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent RealTime Scan service failed to start due to the following error: Access is denied.

10/17/2011 4:08:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

10/17/2011 4:08:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/17/2011 4:08:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

10/17/2011 4:07:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi

10/17/2011 4:07:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

10/17/2011 4:07:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/17/2011 4:07:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/17/2011 4:07:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

10/17/2011 3:59:20 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/17/2011 3:57:01 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LANE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

10/17/2011 3:56:47 PM, error: Service Control Manager [7001] - The MRMonitor service depends on the SSMFramework service which failed to start because of the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent Listener service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The SSMFramework service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The Business Contact Manager SQL Server Startup Service service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:47 PM, error: Service Control Manager [7000] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service failed to start due to the following error: The system cannot find the file specified.

10/17/2011 3:56:29 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

10/17/2011 11:24:48 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 6a7

10/17/2011 11:20:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

10/17/2011 11:20:03 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/17/2011 11:20:03 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/17/2011 11:13:21 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

10/17/2011 11:13:05 AM, error: Service Control Manager [7000] - The MRMonitor service failed to start due to the following error: Access is denied.

10/17/2011 11:13:05 AM, error: Service Control Manager [7000] - The Intel® Matrix Storage Event Monitor service failed to start due to the following error: Access is denied.

10/17/2011 10:25:10 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.

10/17/2011 10:24:55 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

10/13/2011 10:13:01 AM, error: Print [22] - Failed to ugrade printer settings for printer \\ChilhowieDC01\Xerox 6204 PS Wide Format,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Ps5ui.dll error 5.

10/12/2011 6:57:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.113.1471.0).

10/12/2011 6:57:40 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1445.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070643 Error description: Fatal error during installation.

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

Don't use quote tags please.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Thanks for letting us know.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
