Philippe Posted November 16, 2011 ID:495026
I must have hit a bad link on a website, as scores of error messages immediately tiled themselves down my screen. I shut off the laptop with the power button. I did a system restore to the previous day's checkpoint. I then ran scans with Malwarebytes and Spybot (in Windows mode). I got the bogus messages regarding "Privacy Protection" and shut down for the day. Today, in Safe Mode, I ran Malwarebytes which turned up 2 rogue.privacyprotection files, trojan.fqakealert, and trojan.fakealert. I restarted (in safe mode), and ran Spybot which turned up a right.media cookie. Restarted in safe mode and ran Malwarebytes which again turned up the privacy protection and fake alert. I then ran scans with my CA anti-virus, also in safe mode. I turned up 16 threats (cookies). Then, I ran the products again in Windows, and the problems appeared gone. But, not so. I ran Malwarebytes again, and it turned up trojan. files. When using the PC now in Word or Excel it's slowed down, I get windows popping up, and it will redirect me from Google searches to other sites. Now, I found this Malwarebytes forum.
I would greatly appreciate some help... I have attached the dds and attach txt files, and I have pasted the text below if easier. Thanks!!
Attachments: dds.txt, attach.txt
Maniac Posted November 16, 2011 ID:495217
Hello Philippe! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1
Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory is not associated with the Java that was downloaded and installed on the system. A cache directory is a temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.
Click Start => Control Panel.
Double-click the Java icon in the control panel. The Java Control Panel appears.
Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
Click Delete Files. The Delete Temporary Files dialog box appears.
Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 2
I see you are running TeaTimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled TeaTimer, download ResetTeaTimer.exe to your desktop. Then run ResetTeaTimer.exe.
This will only take a few seconds.

Step 3
Download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

In your next reply, please post the following log files:
TDSSKiller log
a new fresh DDS log only
Philippe Posted November 16, 2011 Author ID:495364
Maniac,
Thank you very much for your response. Before then, I was able to get some support help from CA and I think the issues are resolved.
Thanks,
Philippe
Maniac Posted November 17, 2011 ID:495553
Thanks for letting me know, Philippe!
LDTate Posted November 17, 2011 ID:495649
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!