Much Malware

[Philippe]

I must have hit a bad link on a website, as scores of error messages immediately tiled themselves down my screen. I shut off the laptop with the power button. I did a system restore to the previous day's checkpoint. I then ran scans with Malwarebytes and Spybot (in Windows mode). I got the bogus messages regarding "Privacy Protection" and shut down for the day.

Today, in Safe Mode, I ran Malwarebytes which turned up 2 rogue.privacyprotection files, trojan.fqakealert, and trojan.fakealert. I restarted (in safe mode, and ran Spybot which turned up a right.media cookie. Restarted in safe mode and ran Malwarebytes which again turned up the privacy protection and fake alert. I then ran scans with my CA anti-virus, also in safe mode. I turned up 16 threats (cookies). Then, I ran the products again in Windows, and the problems appeared gone.

But, not so. I ran Malwarebytes again, and it turned up trojan. files. When using the PC now in Word or Excel it's slowed down, I get windows popping up, and it will redirect me from Google searches to other sites.

Now, I found this Malwarebyes forum.

I would greatly appreciate some help...

I have attached the dds and attach txt files, and I have pasted the text below if easier.

Thanks!!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Phil at 18:37:14 on 2011-11-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2203 [GMT -5:00]

.

AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\OEM13Mon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.live.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\VetRedir.dll

LSP: mswsock.dll

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.clevelandrod.com/view/tiffx.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: Interfaces\{4813C77B-55D6-4F18-A7EB-005066F7E5DB} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 192.168.1.100 HP000D9D2885F1

.

============= SERVICES / DRIVERS ===============

.

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-7-29 123984]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]

R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-11-10 206152]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-11-10 222544]

R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-6-26 206160]

R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-4-3 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-4-3 43608]

R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-4-3 141376]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-4-3 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-4-3 235840]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

=============== Created Last 30 ================

.

2011-11-15 02:09:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-15 02:09:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-14 19:58:08 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-11-14 19:58:08 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-10 19:32:17 -------- d-----w- c:\documents and settings\all users\application data\CA-SupportBridge

2011-11-10 15:55:03 95568 ----a-w- c:\windows\system32\vetredir.dll

2011-11-10 15:55:03 202064 ----a-w- c:\windows\system32\Isafprod.dll

2011-11-10 15:55:03 128336 ----a-w- c:\windows\system32\isafeif.dll

.

==================== Find3M ====================

.

.

============= FINISH: 18:44:19.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/26/2010 4:23:44 PM

System Uptime: 11/15/2011 6:27:51 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0Y183C

Processor: Intel® Core2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1795/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 181.909 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Dell Wireless 1395 WLAN Mini-Card

Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&1B09A299&0&00E3

Manufacturer: Broadcom

Name: Dell Wireless 1395 WLAN Mini-Card

PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&1B09A299&0&00E3

Service: BCM43XX

.

==== System Restore Points ===================

.

RP295: 8/18/2011 6:12:32 PM - System Checkpoint

RP296: 8/19/2011 8:36:30 PM - System Checkpoint

RP297: 8/22/2011 3:34:48 PM - System Checkpoint

RP298: 8/24/2011 9:39:55 AM - System Checkpoint

RP299: 8/25/2011 4:59:45 PM - System Checkpoint

RP300: 8/28/2011 5:53:42 PM - System Checkpoint

RP301: 8/29/2011 6:01:08 PM - System Checkpoint

RP302: 8/31/2011 10:17:01 AM - System Checkpoint

RP303: 9/1/2011 10:26:14 AM - System Checkpoint

RP304: 9/2/2011 2:34:30 PM - System Checkpoint

RP305: 9/4/2011 4:35:25 PM - System Checkpoint

RP306: 9/5/2011 6:17:56 PM - System Checkpoint

RP307: 9/7/2011 10:44:00 AM - System Checkpoint

RP308: 9/8/2011 11:37:55 AM - System Checkpoint

RP309: 9/9/2011 1:34:34 PM - System Checkpoint

RP310: 9/10/2011 3:59:02 PM - System Checkpoint

RP311: 9/12/2011 2:18:59 PM - System Checkpoint

RP312: 9/13/2011 5:42:40 PM - System Checkpoint

RP313: 9/14/2011 6:47:51 PM - System Checkpoint

RP314: 9/16/2011 11:06:01 AM - System Checkpoint

RP315: 9/17/2011 8:53:15 PM - System Checkpoint

RP316: 9/19/2011 11:33:29 AM - System Checkpoint

RP317: 9/20/2011 11:45:03 AM - System Checkpoint

RP318: 9/21/2011 1:48:29 PM - System Checkpoint

RP319: 9/23/2011 1:46:38 PM - System Checkpoint

RP320: 9/25/2011 8:05:29 PM - System Checkpoint

RP321: 9/26/2011 9:41:32 PM - System Checkpoint

RP322: 9/28/2011 3:14:31 PM - System Checkpoint

RP323: 9/30/2011 10:42:56 AM - System Checkpoint

RP324: 10/3/2011 3:51:00 PM - System Checkpoint

RP325: 10/4/2011 11:14:00 PM - System Checkpoint

RP326: 10/6/2011 12:41:45 PM - System Checkpoint

RP327: 10/7/2011 10:22:09 PM - System Checkpoint

RP328: 10/13/2011 11:59:36 AM - System Checkpoint

RP329: 10/14/2011 12:46:51 PM - System Checkpoint

RP330: 10/16/2011 5:56:58 PM - System Checkpoint

RP331: 10/18/2011 10:43:42 AM - System Checkpoint

RP332: 10/19/2011 12:57:03 PM - System Checkpoint

RP333: 10/20/2011 3:30:00 PM - System Checkpoint

RP334: 10/24/2011 1:21:28 PM - System Checkpoint

RP335: 10/25/2011 1:39:50 PM - System Checkpoint

RP336: 10/26/2011 4:05:08 PM - System Checkpoint

RP337: 10/27/2011 5:19:42 PM - System Checkpoint

RP338: 10/28/2011 5:25:38 PM - System Checkpoint

RP339: 10/29/2011 6:13:09 PM - System Checkpoint

RP340: 10/31/2011 1:03:10 PM - System Checkpoint

RP341: 11/1/2011 1:04:31 PM - System Checkpoint

RP342: 11/2/2011 1:30:29 PM - System Checkpoint

RP343: 11/4/2011 11:11:32 AM - System Checkpoint

RP344: 11/5/2011 12:11:27 PM - System Checkpoint

RP345: 11/6/2011 6:35:04 PM - System Checkpoint

RP346: 11/8/2011 9:18:52 AM - System Checkpoint

RP347: 11/9/2011 9:45:03 AM - System Checkpoint

RP348: 11/10/2011 10:14:04 AM - System Checkpoint

RP349: 11/10/2011 10:53:22 AM - CA Internet Security Suite

RP350: 11/11/2011 7:15:18 PM - System Checkpoint

RP351: 11/12/2011 8:05:47 PM - System Checkpoint

RP352: 11/13/2011 8:35:13 PM - System Checkpoint

RP353: 11/14/2011 2:57:19 PM - Restore Operation

.

==== Installed Programs ======================

.

7300

7300_Help

7300Trb

Acrobat.com

Adobe Acrobat 6.0 Standard

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3.3

Advanced Audio FX Engine

Advanced Video FX Engine

AiO_Scan

AiOSoftware

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AX88772

Bonjour

BufferChm

CA Anti-Virus Plus

Canon Camera Access Library

Canon Digital Camera Solution Disk 40-46 Software Starter Guide

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon Personal Printing Guide

Canon PowerShot A1100 IS Camera User Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Choice Guard

Dell Support Center

Dell System Restore

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card Utility

DeLorme Street Atlas USA 2005

DeLorme Street Atlas USA 2005 Data

Destinations

Director

Fax

GaPPS 4.20

Google Earth

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 4.7

HP Image Zone 4.7

HP Image Zone Express

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HPSystemDiagnostics

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 20

Junk Mail filter update

Laptop Integrated Webcam Driver (1.01.01.0529)

Lernout & Hauspie TruVoice American English TTS Engine

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Live Meeting 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB927977)

PowerDVD

ProductContext

QFolder

QuickBooks Basic Edition 2003

QuickSet

QuickTime

Readme

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio Update Manager

Scan

ScannerCopy

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Sonic CinePlayer Decoder Pack

Spybot - Search & Destroy

Street Atlas USA ® 9.0

Street Atlas USA 2005

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

WebReg

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Presentation Foundation

Windows Search 4.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 8:55:24 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

11/15/2011 6:35:38 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

11/15/2011 11:04:36 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 11:04:36 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/15/2011 11:03:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/15/2011 11:03:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/15/2011 10:13:16 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/15/2011 10:13:16 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/10/2011 9:03:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 002170A80F65 has been denied by the DHCP server 24.25.17.40 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

dds.txt

attach.txt

[Maniac]

Hello Philippe! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/paste in your next reply.
  

Step 1

Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory are not associated with the Java that was downloaded and installed on the system. A cache directory is aa temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.

Click Start => Control Panel.

Double-click the Java icon in the control panel. The Java Control Panel appears.

Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

Click Delete Files. The Delete Temporary Files dialog box appears.

Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 2

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

In your next reply, please post the following log files:

• TDSSKiller log
  
• a new fresh DDS log only
  

[Philippe]

Hello Philippe! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/paste in your next reply.
  

Step 1

Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory are not associated with the Java that was downloaded and installed on the system. A cache directory is aa temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.

Click Start => Control Panel.

Double-click the Java icon in the control panel. The Java Control Panel appears.

Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

Click Delete Files. The Delete Temporary Files dialog box appears.

Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 2

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

In your next reply, please post the following log files:

• TDSSKiller log
  
• a new fresh DDS log only
  

[Philippe]

Maniac,

Thank you very much for your response. Before then, I was able to get some support help from CA and I think the issues are resolved.

Thanks,

Philippe

[Maniac]

Thanks for letting me know, Philippe!

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!