Anti-virus, malware removal do not run to completion


  • This topic is locked
2 replies to this topic

#1 letnja_kisha

letnja_kisha

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 03 January 2014 - 11:21 AM

Hello,

 

My computer is definitely infected: both the malware (Malwarebytes) and anti-virus (Avast) programs find tons of infected files, but neither program runs to completion (tried both in regular and safe mode, also tried the Avast boot scan). Also, when I tried enabling the Windows firewall, it told me that due to an unspecified problem Firewall settings could not be displayed.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.17080
Run by Danica at 11:11:07 on 2014-01-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.482 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Danica\Application Data\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
uWindows: Load = c:\docume~1\danica\locals~1\applic~1\kb956841\KB956841.pif
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\danica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [adecat] "c:\windows\system32\rundll32.exe" "c:\documents and settings\danica\application data\adecat.dll",read_image
dRunOnce: [KB956841] c:\windows\system32\config\systemprofile\local settings\application data\kb956841\KB956841.com
dRunOnce: [DXM_Runtime] c:\windows\system32\config\systemprofile\my documents\dxm_runtime\DXM_Runtime.com
dRunOnce: [KB975560] c:\windows\system32\config\systemprofile\my documents\kb975560\KB975560.exe
dRunOnce: [HOMESTUDENTR] c:\windows\system32\config\systemprofile\application data\homestudentr\HOMESTUDENTR.com
dRunOnce: [DirectAnimation] c:\documents and settings\danica\my documents\schedulingagent\SchedulingAgent.pif
dRunOnce: [KB2079403] c:\windows\system32\config\systemprofile\local settings\application data\kb2079403\KB2079403.com
uExplorerRun: [KB956841] c:\documents and settings\danica\local settings\application data\kb956841\KB956841.pif
uExplorerRun: [KB956841] c:\windows\system32\config\systemprofile\local settings\application data\kb956841\KB956841.com
uExplorerRun: [DXM_Runtime] c:\windows\system32\config\systemprofile\my documents\dxm_runtime\DXM_Runtime.com
uExplorerRun: [KB975560] c:\windows\system32\config\systemprofile\my documents\kb975560\KB975560.exe
uExplorerRun: [HOMESTUDENTR] c:\windows\system32\config\systemprofile\application data\homestudentr\HOMESTUDENTR.com
uExplorerRun: [DirectAnimation] c:\documents and settings\danica\my documents\schedulingagent\SchedulingAgent.pif
uExplorerRun: [KB2079403] c:\windows\system32\config\systemprofile\local settings\application data\kb2079403\KB2079403.com
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F3B45662-388B-407D-B3F8-9FFCBC6D44F8} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\danica\application data\mozilla\firefox\profiles\llwt2fvi.default-1384392777578\
FF - plugin: c:\documents and settings\danica\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\danica\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\danica\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\danica\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-2 180248]
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-7-11 13184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-2 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-2 410528]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-2 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-2 50344]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-8-19 229376]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-12 237568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-7-11 63616]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-5-23 145408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-12 1684736]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-18 102448]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-7-11 101504]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2011-7-11 7552]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-7-11 69504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-2 40776]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-01-02 23:49:04 81984 ----a-w- c:\windows\system32\bdod.bin
2013-12-10 21:07:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:07:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:11:55.07 ===============
 
Thanks.
 

#2 letnja_kisha

letnja_kisha
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:43 PM

Posted 03 January 2014 - 02:30 PM

I tried to install a third-party firewall, but after I did that, I would get a blue screen and the computer would not start up. I took it to a repair shop for them to try to figure it out.

 

Thanks.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 20,202 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 PM

Posted 08 January 2014 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



