
ieuser.exe error message comes up all the time. cannot find component rasman.dll


11 replies to this topic

#1 zeroforhire


Posted 16 March 2009 - 04:05 PM

Ok... for some reason I am getting this error message upon startup and shut down, and a few times in between. Then the computer tries to install updates and fails.

On shutdown it takes a few minutes then finally closes. On start up it tries to configure updates then cannot do it, so it reverts back to original condition.

I have tried to manually install the updates, which seems to work until I restart my computer. I am currently running windows malicious remover on full scan... we'll see what it comes up with. I have to run it now, because if I restart the computer I will no longer have the tool.

I am running Vista Home Ultimate. Avira Antivirus

I am totally new to this, so I do not know how to post logs etc. etc. I need someone with patience to help me please. I am somewhat computer savvy, but will definitely need some clear instructions.

My son uses this computer most of the time, and I just realized that we do not have anti virus protection on it in Feb. I DL'd Avira and ran a scan and it found 4 viruses. Here is the log from that scan.



Avira AntiVir Personal
Report file date: Sunday, February 15, 2009 11:26

Scanning for 1245440 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MATTANDJULIE

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 17:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 15:41:31
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 2/11/2009 15:41:32
ANTIVIR3.VDF : 7.1.2.26 69632 Bytes 2/15/2009 15:41:32
Engineversion : 8.2.0.79
AEVDF.DLL : 8.1.1.0 106868 Bytes 2/15/2009 15:41:46
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 2/15/2009 15:41:44
AESCN.DLL : 8.1.1.7 127347 Bytes 2/15/2009 15:41:43
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 22:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 2/15/2009 15:41:42
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2/15/2009 15:41:40
AEHEUR.DLL : 8.1.0.90 1573237 Bytes 2/15/2009 15:41:39
AEHELP.DLL : 8.1.2.0 119159 Bytes 2/15/2009 15:41:36
AEGEN.DLL : 8.1.1.16 332148 Bytes 2/15/2009 15:41:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 19:05:56
AECORE.DLL : 8.1.6.5 176501 Bytes 2/15/2009 15:41:33
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 19:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 21:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, February 15, 2009 11:26

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'windirstat.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'mozystat.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'LinksysAgent.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SynTPStart.exe' - '1' Module(s) have been scanned
Scan process 'wmdSync.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'mozybackup.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mozybackup.exe' - '1' Module(s) have been scanned
Scan process 'MediaAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mozybackup.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'atashost.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
81 processes with 81 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\Macromed\AUTHORWA\NP32ASW\AW50\authorn.exe
[DETECTION] Is the TR/Dldr.Banload.xmy Trojan
[NOTE] The file was moved to '4a0c7cc7.qua'!
C:\Windows\System32\Macromed\AUTHORWA\NP32ASW\AW50\notes.exe
[DETECTION] Is the TR/Dldr.Banload.xen Trojan
[NOTE] The file was moved to '495f2b88.qua'!
C:\Windows\System32\Macromed\AUTHORWA\NP32ASW\AW50\webplr05\authorn.exe
[DETECTION] Is the TR/Dldr.Banload.xmy Trojan
[NOTE] The file was moved to '4a0c7cd2.qua'!
C:\Windows\System32\Macromed\AUTHORWA\NP32ASW\AW50\webplr05\notes.exe
[DETECTION] Is the TR/Dldr.Banload.xen Trojan
[NOTE] The file was moved to '42a8f2e3.qua'!
Begin scan in 'D:\' <PRESARIO_RP>


End of the scan: Sunday, February 15, 2009 12:46
Used time: 1:20:45 Hour(s)

The scan has been done completely.

24738 Scanning directories
489443 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
489437 Files not concerned
2811 Archives were scanned
2 Warnings
4 Notes



Thanks in advance for all your help.



#2 Guest_tylerisdabest_*


Posted 16 March 2009 - 05:10 PM

I think your Avira is out of date; update and scan. And then download Malwarebytes mbam setup, do a quick scan and then click Remove Selected.

#3 zeroforhire


Posted 16 March 2009 - 05:49 PM

will do... I'll update you with my progress

#4 zeroforhire


Posted 16 March 2009 - 10:08 PM

ok... avira found 2 viruses... and mbam found one malware.... logs as follows.



Avira AntiVir Personal
Report file date: Monday, March 16, 2009 17:40

Scanning for 1303192 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MATTANDJULIE

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 17:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 15:41:31
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 3/11/2009 19:21:09
ANTIVIR3.VDF : 7.1.2.177 153088 Bytes 3/16/2009 22:42:36
Engineversion : 8.2.0.116
AEVDF.DLL : 8.1.1.0 106868 Bytes 2/15/2009 15:41:46
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 3/15/2009 03:02:50
AESCN.DLL : 8.1.1.8 127346 Bytes 3/6/2009 05:53:31
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 22:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/5/2009 05:53:29
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 04:01:18
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/6/2009 05:53:30
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 04:01:14
AEGEN.DLL : 8.1.1.29 336245 Bytes 3/16/2009 22:42:38
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 19:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 2/20/2009 04:29:13
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 19:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 21:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, March 16, 2009 17:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'mspaint.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'mozystat.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'LinksysAgent.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SynTPStart.exe' - '1' Module(s) have been scanned
Scan process 'wmdSync.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'mozybackup.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mozybackup.exe' - '1' Module(s) have been scanned
Scan process 'MediaAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mozybackup.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'atashost.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
79 processes with 79 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Microsoft Works\WkDStore.exe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.91 worm
[NOTE] The file was moved to '4a02f9a5.qua'!
C:\SwSetup\MSWorks\US\PFILES\MSWORKS\WKDSTORE.EXE
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.91 worm
[NOTE] The file was moved to '4a0301af.qua'!
Begin scan in 'D:\' <PRESARIO_RP>


End of the scan: Monday, March 16, 2009 19:26
Used time: 1:45:18 Hour(s)

The scan has been done completely.

27455 Scanning directories
601635 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
601631 Files not concerned
2985 Archives were scanned
2 Warnings
2 Notes



MBAM

Malwarebytes' Anti-Malware 1.34
Database version: 1856
Windows 6.0.6001 Service Pack 1

3/16/2009 8:06:30 PM
mbam-log-2009-03-16 (20-06-30).txt

Scan type: Quick Scan
Objects scanned: 74786
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\explorer.reg (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



Will restart and see if that took care of it.

#5 zeroforhire


Posted 16 March 2009 - 10:18 PM

Ok... the rasman.dll error still comes up when I shut down and start up, but it isn't trying to configure updates anymore.

Can someone please help me with the rasman.dll error? I have heard that if someone else has vista home ultimate, they can give me a copy of that file and I can overwrite the corrupt file in my system folder... what do you guys think?

Thanks for the help so far... I was able to get rid of a few nasties.

#6 Guest_tylerisdabest_*


Posted 17 March 2009 - 10:25 AM

Try this: update and full scan with mbam, then go to download.com, search for super anti spyware and download it. Full scan with superantispyware.

Note: superantispyware gets tracking cookies too.

Edited by tylerisdabest, 17 March 2009 - 10:26 AM.


#7 zeroforhire


Posted 17 March 2009 - 12:28 PM

Will do when I get home tonight. Thanks.

#8 zeroforhire


Posted 18 March 2009 - 10:21 AM

Ran both scans and the superantispyware found a few small tracking cookies... but other than that nothing.

I still have the rasman.dll error on shut down and start up. It still tries to configure updates, only to fail and revert to old settings.

What should I try next? It seems to be a problem with the updates....

#9 Guest_tylerisdabest_*


Posted 18 March 2009 - 03:06 PM

I'm afraid that's all I can help you with. Start a new topic in the Vista section -> vista

#10 garmanma


Posted 18 March 2009 - 08:42 PM

Did you or anyone using the computer disable User Account Control (UAC)?
If you use Spybot S&D, make sure the Teatimer function is disabled for now

----------------------------------------------

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#11 zeroforhire


Posted 19 March 2009 - 09:13 PM

did that... found some more nasties... but the problem still remains. I am still not able to download the updates automatically, and it still gives me the rasman.dll error. Here is my DrWebClean log...


seer.exe\SEER98.BAK;C:\academic\iss2\seer.exe;Probably BATCH.Virus;;
seer.exe\seer98.bat;C:\academic\iss2\seer.exe;Probably BATCH.Virus;;
seer.exe;C:\academic\iss2;Archive contains infected objects;Moved.;
seer.exe\SEER98.BAK;C:\academic\orawin95\bin\seer.exe;Probably BATCH.Virus;;
seer.exe\seer98.bat;C:\academic\orawin95\bin\seer.exe;Probably BATCH.Virus;;
seer.exe;C:\academic\orawin95\bin;Archive contains infected objects;Moved.;
Seer95.exe\SEER95.BAT;C:\academic\orawin95\bin\Seer95.exe;Probably BATCH.Virus;;
Seer95.exe/SEER95U.EXE\SEER95.BAT;C:\academic\orawin95\bin\Seer95.exe/SEER95U.EXE;Probably BATCH.Virus;;
SEER95U.EXE;C:\academic\orawin95\bin;Archive contains infected objects;;
Seer95.exe;C:\academic\orawin95\bin;Archive contains infected objects;Moved.;
c.bat;C:\ComboFix;Probably BATCH.Virus;Incurable.Moved.;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Incurable.Moved.;
seer.exe\SEER98.BAK;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine\seer.exe;Probably BATCH.Virus;;
seer.exe\seer98.bat;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine\seer.exe;Probably BATCH.Virus;;
seer.exe;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Seer95.exe\SEER95.BAT;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine\Seer95.exe;Probably BATCH.Virus;;
Seer95.exe/SEER95U.EXE\SEER95.BAT;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine\Seer95.exe/SEER95U.EXE;Probably BATCH.Virus;;
SEER95U.EXE;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine;Archive contains infected objects;;
Seer95.exe;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
seer___0.exe\SEER98.BAK;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine\seer___0.exe;Probably BATCH.Virus;;
seer___0.exe\seer98.bat;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine\seer___0.exe;Probably BATCH.Virus;;
seer___0.exe;C:\Documents and Settings\zeroforhire\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\zeroforhire\Downloads\ComboFix.exe/data002;Probably BATCH.Virus;;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\zeroforhire\Downloads\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\zeroforhire\Downloads;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\zeroforhire\Downloads;Container contains infected objects;Moved.;
SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Moved.;
acssetup.exe\data008;C:\Program Files\Online Services\Aolca\comps\acs\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Online Services\Aolca\comps\acs;Archive contains infected objects;Moved.;
cakemania-setup.exe/data032\data002;C:\SwSetup\HPGame\games\cakemania-setup.exe/data032;Adware.SpywareStorm;;
data032;C:\SwSetup\HPGame\games;Archive contains infected objects;;
cakemania-setup.exe;C:\SwSetup\HPGame\games;Archive contains infected objects;Moved.;

#12 garmanma


Posted 20 March 2009 - 02:19 PM

You have a lot going on. Let's try this

Full tutorial:
http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/


Please print out and follow these instructions: "How to use SDFix".
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

Mark



