Vundo Log File Removal


  • This topic is locked
2 replies to this topic

#1 lmkraft

Posted 07 January 2009 - 11:05 AM

Can someone please help and tell me what and how I remove any remnants of malware? Thank you.


DDS (Ver_09-01-07.01) - NTFSx86
Run by skenney at 10:36:28.40 on Wed 01/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.998.513 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\skenney\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
mSearch Bar =
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Intuit Financial Center] c:\program files\intuit\quickbooks financial center\exe\entice.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {72F4EC61-7A8A-454C-810A-C7FF5EA369B5} = 66.174.95.44 66.174.92.14
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\skenney\applic~1\mozilla\firefox\profiles\hd8fy2rm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-9-28 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-6-13 4442]
R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-11-3 58240]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
R4 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-07 10:20 <DIR> a-dshr-- C:\cmdcons
2009-01-07 10:18 161,792 a------- c:\windows\SWREG.exe
2009-01-07 10:18 98,816 a------- c:\windows\sed.exe
2009-01-07 08:25 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-01-07 08:22 138,496 -------- c:\windows\system32\dllcache\afd.sys
2009-01-07 08:22 104,960 -------- c:\windows\system32\dllcache\win32spl.dll
2009-01-07 08:22 74,752 -------- c:\windows\system32\dllcache\msw3prt.dll
2009-01-07 08:21 765,952 -------- c:\windows\system32\dllcache\vgx.dll
2009-01-07 08:21 9,696 -------- c:\windows\system32\dllcache\drvmain.sdb
2009-01-07 08:21 1,214,526 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-01-07 08:21 790,846 -------- c:\windows\system32\dllcache\apph_sp.sdb
2009-01-07 08:21 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-01-07 08:21 97,280 -------- c:\windows\system32\dllcache\psbase.dll
2009-01-07 08:21 465,920 -------- c:\windows\system32\imapi2fs.dll
2009-01-07 08:21 465,920 -------- c:\windows\system32\dllcache\imapi2fs.dll
2009-01-07 08:21 317,952 -------- c:\windows\system32\imapi2.dll
2009-01-07 08:21 317,952 -------- c:\windows\system32\dllcache\imapi2.dll
2009-01-07 08:21 62,976 -------- c:\windows\system32\dllcache\cdrom.sys
2009-01-07 08:20 92,672 -------- c:\windows\system32\dllcache\policman.dll
2009-01-07 08:20 68,096 -------- c:\windows\system32\dllcache\ntdsapi.dll
2009-01-07 08:20 343,040 -------- c:\windows\system32\dllcache\localspl.dll
2009-01-07 08:20 199,680 -------- c:\windows\system32\dllcache\gptext.dll
2009-01-07 08:20 175,104 -------- c:\windows\system32\dllcache\w32time.dll
2009-01-07 08:20 134,144 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-01-07 08:20 132,608 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-01-07 08:20 113,152 -------- c:\windows\system32\dllcache\dsuiext.dll
2009-01-07 08:20 52,736 -------- c:\windows\system32\dllcache\w32tm.exe
2009-01-07 08:19 728,064 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-01-07 08:19 407,040 -------- c:\windows\system32\dllcache\netlogon.dll
2009-01-07 08:19 68,096 -------- c:\windows\system32\dllcache\adsmsext.dll
2009-01-07 08:19 <DIR> --d----- c:\program files\Messenger
2009-01-07 08:19 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-07 08:13 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-07 08:12 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-07 08:12 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-07 08:12 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-07 08:12 <DIR> --d----- C:\92acd811a1de0adf13c36d
2009-01-07 08:12 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-07 08:12 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-07 08:12 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-07 08:12 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-07 08:12 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-07 08:09 <DIR> --d----- c:\windows\system32\MUI
2009-01-07 08:04 <DIR> --d----- c:\program files\Dir2File
2009-01-07 08:04 61,440 a------- c:\windows\ContextMenuExt.dll
2009-01-07 08:01 40,960 a------- c:\windows\system32\SSUBTMR6.DLL
2009-01-06 15:49 <DIR> --d----- c:\program files\SoftLogica
2009-01-06 15:46 236 a---h--- c:\program files\common files\dx.reg
2009-01-06 15:46 1,203,792 a------- c:\windows\system32\ntdllnew.dll
2009-01-06 15:46 655,872 a------- c:\windows\system32\msvcr90.dll
2009-01-06 15:46 635,904 a------- c:\windows\system32\msvcr80.dll
2009-01-06 15:46 572,928 a------- c:\windows\system32\msvcp90.dll
2009-01-06 15:46 558,080 a------- c:\windows\system32\msvcp80.dll
2009-01-06 15:46 479,232 a------- c:\windows\system32\msvcm80.dll
2009-01-06 15:46 225,280 a------- c:\windows\system32\msvcm90.dll
2009-01-06 15:46 1,029,126 a------- c:\windows\system32\d3d10.dll
2009-01-06 15:46 376,832 a------- c:\windows\system32\M2000Twn.dll
2009-01-06 15:46 728,858 a------- c:\program files\common files\unins000.exe
2009-01-06 15:46 440,080 a------- c:\windows\system32\d3dx10.dll
2009-01-06 15:46 2,530 a------- c:\program files\common files\unins000.dat
2009-01-06 14:48 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-01-06 14:48 10,752 a------- c:\windows\system32\aamd532.dll
2009-01-05 12:05 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-05 11:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-05 10:31 <DIR> --dshr-- C:\RRbackups
2009-01-05 10:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-01-05 09:30 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-05 09:30 <DIR> --d----- c:\docume~1\skenney\applic~1\SUPERAntiSpyware.com
2009-01-05 09:29 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-01 22:06 2,707 a------- c:\windows\system32\TDSSfxmp.dll
2008-12-27 17:09 2,086,921 a------- c:\program files\common files\InternetAntivirusPro.exe
2008-12-09 13:41 <DIR> --d----- c:\program files\common files\supportsoft
2008-12-09 13:39 1,843,200 a------- c:\windows\system32\acXMLParser.dll
2008-12-09 13:39 3,518,464 a------- c:\windows\system32\cdintf300.dll
2008-12-09 13:33 <DIR> --d----- c:\program files\common files\Intuit
2008-12-09 13:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2008-12-09 13:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COMMON FILES
2008-12-09 13:21 <DIR> --d----- c:\program files\MSXML 4.0
2008-12-08 15:41 <DIR> --d----- c:\program files\Network DeepScan 2
2008-12-08 15:01 <DIR> --d----- c:\windows\Recent

==================== Find3M ====================

2009-01-05 11:08 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-05 11:08 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-25 14:42 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-25 14:29 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2008-11-25 14:29 36,864 a------- c:\windows\system32\dllcache\ctfmon.exe
2008-11-25 14:29 36,864 a------- c:\windows\system32\ctfmon.exe
2008-11-25 14:17 140,288 a------- c:\windows\system32\sfc_os.dll
2008-11-02 09:02 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\divx.dll
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-06-13 13:31 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 10:36:44.46 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2008 2:18:48 AM
System Uptime: 1/7/2009 10:23:17 AM (0 hours ago)

Motherboard: LENOVO | | 77322MU
Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz | None | 1829/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 88.205 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: NEC PCI to USB Open Host Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_A50019CD&REV_43\5&2B491BAE&0&0100F0
Manufacturer: NEC
Name: NEC PCI to USB Open Host Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_A50019CD&REV_43\5&2B491BAE&0&0100F0
Service: usbohci

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Hands-free Audio
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Manufacturer:
Name: Bluetooth Hands-free Audio
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Service:

==== System Restore Points ===================

RP1: 1/7/2009 10:18:09 AM - System Checkpoint
RP2: 1/7/2009 10:18:30 AM - ComboFix created restore point

==== Installed Programs ======================


Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware SE Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Business Contact Manager for Outlook 2007 SP1
CCleaner (remove only)
Client Security Solution
Corel Business Center
Curitel PC Card Software
DirectX10 NCT Release 2
Handy Recovery 4.0
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB928788)
Hotfix for Windows Media Format 11 SDK (KB929773)
Hotfix for Windows Media Format 11 SDK (KB932390)
Hotfix for Windows Media Format 11 SDK (KB933547)
Hotfix for Windows Media Format 11 SDK (KB935551)
Hotfix for Windows Media Format 11 SDK (KB935552)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 11 (KB935957)
Hotfix for Windows Media Player 11 (KB944882)
Hotfix for Windows Media Player 11 (KB945381)
Hotfix for Windows Media Player 11 (KB950478)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB944043-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HP Deskjet 6500
HP Software Update
Integrated Camera
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
J2SE Runtime Environment 5.0 Update 6
K-Lite Mega Codec Pack 4.3.1
Lenovo Care
Lenovo Care Supplement
Lenovo Registration
Maintenance Manager
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB925168)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2008
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mMHouse
Mozilla Firefox (3.0.5)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
On Screen Display
PANTECH PC Card Software
Picasa 2
Presentation Director
QuickBooks Financial Center
QuickBooks Pro 2008
RecordNow Audio
RecordNow Copy
RecordNow Data
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
SAPI Wrapper
Security Update for CAPICOM (KB931906)
Security Update for Office 2007 (KB936514)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955417)
Security Update for Windows XP (KB956802)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
Super Fast Shutdown 1.0
SUPERAntiSpyware Professional
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Technologies Welcome Message
TTS Wrapper
UltraISO Premium V9.31
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB958752)
VZAccess Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows PowerShell™ 1.0
WinRAR archiver
WinXP Manager
WordPerfect Office X3
XP Themes
XPlite PROFESSIONAL
XQDC X-Setup Pro 9.0.100

==== Event Viewer Messages From Past Week ========

12/31/2008 1:27:18 PM, error: Print [23] - Printer Send To OneNote 2007 failed to initialize because a suitable Send To Microsoft OneNote Driver driver could not be found.
12/31/2008 12:44:45 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/31/2008 2:53:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
12/31/2008 2:53:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
1/1/2009 12:36:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
1/1/2009 10:04:22 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP LaserJet 6L share name Printer2.
1/5/2009 9:41:58 AM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:02 AM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:07 AM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:12 AM, error: Service Control Manager [7034] - The TSS Core Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:23 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:38 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:42 AM, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:49 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 9:42:55 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2009 10:28:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/5/2009 10:28:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2009 10:29:37 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 10:29:37 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 10:29:37 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2009 10:29:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SYMTDI Tcpip TPHKDRV TPPWRIF TSMAPIP
1/5/2009 10:29:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/5/2009 11:55:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
1/5/2009 11:55:57 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Automatic LiveUpdate Scheduler with arguments "" in order to run the server: {67377570-6FC6-4B15-A5B9-D6C80957767D}
1/7/2009 8:37:07 AM, error: SRTSP [5] -
1/7/2009 8:38:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
1/7/2009 8:38:54 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}
1/7/2009 8:38:57 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}
1/7/2009 10:25:19 AM, error: Service Control Manager [7023] - The Error Reporting Service service terminated with the following error: The specified module could not be found.
1/7/2009 10:25:19 AM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

#2 Hoov

  • Malware Response Team

Posted 20 January 2009 - 04:34 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

It has been a while since you posted your log, could you please post a new one?

Also, please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#3 Hoov

Posted 27 January 2009 - 12:19 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me or another moderator a PM. This applies to the thread originator only, all others start a new thread.