
Can only open in Safe Mode


  • This topic is locked
2 replies to this topic

#1 djm1971 (Members, 2 posts)

Posted 10 May 2009 - 09:52 PM

I think I have something bad going on, but I don't know what to do.
I can only restart my computer in Safe Mode. I cannot run antivirus programs. They start and just disappear after a few seconds. I cannot update windows or even access the windows update site.
I also cannot access antivirus sites.

Here are my logs:


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by HP_Owner at 19:29:19.54 on Sun 05/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.216 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\jwn74t6.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\jwn74t6.exe
C:\WINDOWS\TEMP\3470597812.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner.DAN\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: c:\windows\system32\sdrgfcvbf.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\sdrgfcvbf.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [services] c:\windows\services.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
dRun: [<NO NAME>] c:\windows\temp\jwn74t6.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\jwn74t6.exe
dRun: [Diagnostic Manager] c:\windows\temp\3470597812.exe
dRun: [reader_s] c:\documents and settings\hp_owner.dan\reader_s.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
STS: c:\windows\system32\sdrgfcvbf.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\sdrgfcvbf.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File

============= SERVICES / DRIVERS ===============

S0 wuya;wuya;c:\windows\system32\drivers\urbqji.sys --> c:\windows\system32\drivers\urbqji.sys [?]
S1 ethhldyz;ethhldyz;c:\windows\system32\drivers\ethhldyz.sys --> c:\windows\system32\drivers\ethhldyz.sys [?]
S1 mpg49f4;mpg49f4;c:\windows\system32\drivers\mpg49f4.sys --> c:\windows\system32\drivers\mpg49f4.sys [?]
S1 ndkd2d7;ndkd2d7;c:\windows\system32\drivers\ndkd2d7.sys --> c:\windows\system32\drivers\ndkd2d7.sys [?]
S1 qtf569e;qtf569e;c:\windows\system32\drivers\qtf569e.sys --> c:\windows\system32\drivers\qtf569e.sys [?]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
S2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-4-27 26488]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-10 38496]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NAVENG.Sys [2005-2-17 72712]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041117.006\NavEx15.Sys [2005-2-17 629544]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2009-5-10 18944]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

=============== Created Last 30 ================

2009-05-10 19:20 0 a------- C:\48.tmp
2009-05-10 19:20 0 a------- C:\47.tmp
2009-05-10 19:20 0 a------- C:\46.tmp
2009-05-10 19:19 0 a------- C:\45.tmp
2009-05-10 19:19 0 a------- C:\44.tmp
2009-05-10 19:19 0 a------- C:\43.tmp
2009-05-10 19:19 0 a------- C:\42.tmp
2009-05-10 19:19 0 a------- C:\41.tmp
2009-05-10 19:19 0 a------- C:\40.tmp
2009-05-10 19:18 0 a------- C:\3F.tmp
2009-05-10 19:18 0 a------- C:\3E.tmp
2009-05-10 19:18 0 a------- C:\3D.tmp
2009-05-10 19:18 860 a------- C:\3C.tmp
2009-05-10 19:18 15,000 a------- c:\windows\system32\sdrgfcvbf.dll
2009-05-10 19:18 51,712 a------- C:\31.tmp
2009-05-10 19:18 23,552 a------- c:\windows\system32\wmimgr32.dll
2009-05-10 18:59 61,440 a------- c:\windows\system32\B.tmp
2009-05-10 18:59 120 a------- c:\windows\system32\6.tmp
2009-05-10 12:52 61,440 a------- c:\windows\system32\9.tmp
2009-05-10 12:52 120 a------- c:\windows\system32\4.tmp
2009-05-10 12:36 <DIR> --d----- C:\HJT
2009-05-10 12:24 61,440 a------- c:\windows\system32\7.tmp
2009-05-10 12:24 120 a------- c:\windows\system32\3.tmp
2009-05-10 11:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-05-10 11:53 <DIR> --d----- c:\program files\PCPitstop
2009-05-10 10:47 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-05-10 10:46 77,312 a------- c:\documents and settings\hp_owner.dan\reader_s.exe
2009-05-10 10:46 36,352 a------- c:\windows\system32\reader_s.exe
2009-05-10 10:46 61,440 a------- c:\windows\system32\5.tmp
2009-05-10 10:46 69,632 a------- c:\windows\services.exe
2009-05-10 10:46 120 a------- c:\windows\system32\2.tmp
2009-05-10 10:22 <DIR> --d----- c:\docume~1\hp_owner.dan\applic~1\Malwarebytes
2009-05-10 10:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-10 10:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 10:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 10:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-10 09:50 0 a------- C:\91.tmp
2009-05-10 09:50 0 a------- C:\90.tmp
2009-05-10 09:48 0 a------- C:\89.tmp
2009-05-10 09:48 0 a------- C:\88.tmp
2009-05-10 09:48 0 a------- C:\87.tmp
2009-05-10 09:48 0 a------- C:\86.tmp
2009-05-10 09:48 860 a------- C:\85.tmp
2009-05-10 09:48 51,712 a------- C:\84.tmp
2009-05-10 09:46 61,440 a------- c:\windows\system32\81.tmp
2009-05-10 09:45 120 a------- c:\windows\system32\7D.tmp
2009-05-10 09:15 61,440 a------- c:\windows\system32\7F.tmp
2009-05-10 09:15 120 a------- c:\windows\system32\7C.tmp
2009-05-07 23:13 401,720 a------- c:\program files\hijackthis.exe
2009-05-07 23:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-07 22:43 0 a------- C:\3B.tmp
2009-05-07 22:43 38 a------- C:\3A.tmp
2009-05-07 22:43 0 a------- C:\39.tmp
2009-05-07 22:43 0 a------- C:\38.tmp
2009-05-07 22:43 0 a------- C:\37.tmp
2009-05-07 22:43 0 a------- C:\36.tmp
2009-05-07 22:43 0 a------- C:\35.tmp
2009-05-07 22:43 0 a------- C:\34.tmp
2009-05-07 22:43 0 a------- C:\33.tmp
2009-05-07 22:43 860 a------- C:\32.tmp
2009-04-29 18:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-29 18:05 1,340,797 a------- C:\MGtools.exe
2009-04-29 17:48 61,440 a------- c:\windows\system32\45.tmp
2009-04-29 17:48 124 a------- c:\windows\system32\42.tmp
2009-04-29 17:19 <DIR> --dsh--- c:\documents and settings\hp_owner.dan\UserData
2009-04-29 17:16 0 a------- C:\2F.tmp
2009-04-29 17:16 0 a------- C:\2E.tmp
2009-04-29 17:16 0 a------- C:\2C.tmp
2009-04-29 17:16 0 a------- C:\2B.tmp
2009-04-29 17:16 0 a------- C:\2A.tmp
2009-04-29 09:26 809 a------- c:\windows\system32\spupdsvc.inf
2009-04-29 09:26 <DIR> --d----- c:\docume~1\hp_owner.dan\applic~1\MSNInstaller
2009-04-29 09:21 <DIR> --d----- c:\windows\LastGood.Tmp
2009-04-28 22:16 <DIR> --d----- C:\48ee15eb180ccf0665
2009-04-28 21:55 2,180,480 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-28 21:55 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-28 21:55 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-28 21:55 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-28 21:55 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-28 21:55 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-04-28 00:07 61,440 a------- c:\windows\system32\A5.tmp
2009-04-28 00:07 152,064 a------- c:\windows\system32\A3.tmp
2009-04-28 00:07 124 a------- c:\windows\system32\A2.tmp
2009-04-28 00:03 <DIR> --d----- c:\docume~1\hp_owner.dan\applic~1\PC Tools
2009-04-27 23:48 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-27 23:48 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-27 23:48 61,440 a------- c:\windows\system32\1D.tmp
2009-04-27 23:48 152,064 a------- c:\windows\system32\1A.tmp
2009-04-27 23:48 124 a------- c:\windows\system32\19.tmp
2009-04-26 23:44 <DIR> --d----- c:\windows\system32\Lang
2009-04-26 23:44 94,208 a------- c:\windows\system32\igfxcpl.cpl
2009-04-26 23:44 163,840 a------- c:\windows\system32\igfxres.dll
2009-04-26 23:43 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-26 23:43 1,845 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PS583AA-ABA a1020n_YC_0Pavi_QCNH515_E52NAheBLU1_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.19_T050310_WXH2_L409_M504_J200_7Intel_8Pentium 4_93.06_#050614_N10EC8139_Z11C1048C_G80862582.MRK
2009-04-26 20:52 <DIR> --d----- c:\documents and settings\hp_owner.dan\WINDOWS
2009-04-26 20:52 <DIR> --d----- c:\docume~1\hp_owner.dan\applic~1\Symantec
2009-04-26 20:52 <DIR> --d----- c:\documents and settings\HP_Owner.DAN
2009-04-26 20:49 <DIR> --d----- c:\windows\system32\RTCOM
2009-04-26 20:48 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-26 20:14 <DIR> --dshr-- c:\windows\system32\dllcache
2009-04-26 16:50 0 a------- C:\2D.tmp
2009-04-26 16:50 0 a------- C:\29.tmp
2009-04-26 16:50 0 a------- C:\21.tmp
2009-04-26 16:50 0 a------- C:\20.tmp
2009-04-26 16:50 38 a------- C:\1E.tmp
2009-04-26 16:50 0 a------- C:\1D.tmp
2009-04-26 16:49 0 a------- C:\1C.tmp
2009-04-26 16:49 0 a------- C:\1B.tmp
2009-04-26 16:49 0 a------- C:\1A.tmp
2009-04-26 16:49 0 a------- C:\19.tmp
2009-04-26 16:49 0 a------- C:\18.tmp
2009-04-26 16:49 860 a------- C:\17.tmp
2009-04-26 16:49 0 a------- C:\15.tmp
2009-04-26 13:59 35,328 a---h--- c:\windows\pp06.ex_
2009-04-26 13:59 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-26 13:59 0 a------- c:\windows\mqcd.dbt
2009-04-26 13:59 55,296 a------- C:\wwmeoblk.exe
2009-04-26 13:59 43,008 a------- C:\pdtivk.exe
2009-04-26 13:58 2 a------- C:\-1335809220
2009-04-26 13:58 51,712 a------- C:\celkadaa.exe
2009-04-26 13:58 290,304 a------- C:\kggi.exe
2009-04-26 13:58 16,384 a---h--- c:\windows\ld08.ex_
2009-04-20 09:45 <DIR> --d----- c:\program files\common files\DivX Shared

==================== Find3M ====================

2009-05-10 10:57 3,998 a------- c:\windows\system32\tmp.reg
2009-05-10 09:48 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-05-10 09:48 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2009-05-07 23:14 8,769 a------- c:\program files\hijackthis.log
2009-04-30 01:36 99,840 a------- c:\windows\system32\WS2Fix.exe
2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\dllcache\pdh.dll

============= FINISH: 19:30:21.71 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/26/2009 8:50:34 PM
System Uptime: 5/10/2009 6:57:47 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel® Pentium® 4 CPU 3.06GHz | CPU 1 | 3065/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 179 GiB total, 126.192 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 2.16 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BufferChm
CameraDrivers
CC_ccProxyExt
ccCommon
ccPxyCore
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZplus450
HpSdpAppCoreApp
InstantShare
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSRedist
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 3.5 magicMoments - HPD
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PanoStandAlone
PC-Doctor for Windows
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
SkinsHP1
Sonic Express Labeler
Sonic RecordNow!
SPBBC
SpySubtract
Super Granny from Hewlett-Packard Desktops (remove only)
SymNet
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows XP (KB898461)
Updates from HP
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175

==== Event Viewer Messages From Past Week ========

5/7/2009 10:40:42 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
5/7/2009 10:40:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\HP_Owner.DAN\LOCALS~1\Temp\RarSFX0\basic\setup.exe. Reference error message: The operation completed successfully. .
5/7/2009 10:40:42 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
5/10/2009 9:27:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/10/2009 9:27:01 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/10/2009 9:26:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/10/2009 9:26:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/10/2009 9:19:23 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
5/10/2009 9:16:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SYMTDI
5/10/2009 9:16:05 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
5/10/2009 9:14:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/10/2009 9:14:21 AM, error: SRService [104] - The System Restore initialization process failed.

==== End Of File ===========================


#2 Farbar (Security Developer, 21,711 posts, The Netherlands)

Posted 11 May 2009 - 06:56 AM

Hi djm1971,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar.

I'm afraid I've got bad news.

Your system is infected with one of the nastiest file infectors:

Virut is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously. The only symptoms are a strange HDD activity while infecting, and also unwanted TCP traffic. Virut tries to connect you into an IRC network under the user name "Virtu" and zombify you. Unfortunately, the cleaning of this virus is very difficult or almost impossible.

http://www.ca.com/us/securityadvisor/virus...s.aspx?id=55141

The virus remains resident in memory and infects executable files with ".EXE" and ".SCR" file extensions.


Its damage to the system is almost beyond repair as it disables Windows File Protection:

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.


http://www.ca.com/us/securityadvisor/virus...s.aspx?id=55141

Therefore all those running processes are most probably now the virus agent.

There is a claim by Grisoft that the following tool can remove the infection:

http://www.softpedia.com/get/Antivirus/Win...t-Remover.shtml

This claim is hard to believe. Not only are almost all the running processes infected, but their copies in the i386 folder and in the dllcache are patched as well.

Therefore the only fast and safe answer to the virus is reformatting and reinstalling windows. You may backup non-executable (data) files and reformat the entire hard drive.
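The indicators farbar is reading off the DDS report above (a Winlogon Userinit value with an extra entry, autoruns launched out of c:\windows\temp and the profile root, a services.exe outside system32, registry/folder-option policies switched on, and boot-start drivers DDS could not stat) are mechanical enough to check automatically. The script below is an added example, not part of the original thread and not DDS or any tool of farbar's; the rule names, severities and the sample report lines are my own constructions, modelled on the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" layout.

```python
import re
from collections import Counter

# Constructed sample modelled on DDS report lines (layout copied, contents constructed).
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [services] c:\windows\services.exe
dRun: [Diagnostic Manager] c:\windows\temp\3470597812.exe
dRun: [reader_s] c:\documents and settings\hp_owner.dan\reader_s.exe
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
S0 wuya;wuya;c:\windows\system32\drivers\urbqji.sys --> c:\windows\system32\drivers\urbqji.sys [?]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2009-5-10 18944]
"""

USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.I)
POLICY_RE = re.compile(r"^[mud]Policies-\w+:\s*(\w+)\s*=\s*(\d+)", re.I)
# S<start type> name;display;path [date size] or [?] when DDS could not stat the file
DRIVER_RE = re.compile(r"^S([0-4])\s+([^;]+);([^;]*);(.*?)\s*(\[\?\]|\[[^\]]*\])\s*$")
# Any drive-letter path ending in an executable-ish extension, quoted or not
EXEC_PATH_RE = re.compile(r'([a-z]:\\[^"\s][^"]*?\.(?:exe|scr|com|dll|sys|bat))', re.I)

# Policies that malware flips to keep the user from inspecting or repairing the box
LOCKDOWN_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions", "DisableCMD"}
# Core binaries that legitimately live only in \windows\system32
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "userinit.exe"}


def path_rules(path):
    """Yield (severity, rule) for one executable path (rule names are mine)."""
    p = path.lower()
    directory, _, name = p.rpartition("\\")
    if "\\temp\\" in p:
        yield ("high", "exec_from_temp")
    if name in SYSTEM32_ONLY and not directory.endswith("\\windows\\system32"):
        yield ("critical", "system_binary_wrong_dir")
    if re.fullmatch(r"c:\\documents and settings\\[^\\]+", directory):
        yield ("medium", "exec_in_profile_root")


def triage(text):
    """Return a list of (severity, rule, line) findings for a DDS-style report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USERINIT_RE.match(line)
        if m:
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            # Anything besides the real userinit.exe is a logon hook (ntos.exe above)
            extra = [e for e in entries if not e.lower().endswith("\\system32\\userinit.exe")]
            if extra:
                findings.append(("critical", "userinit_hijack", line))
        m = POLICY_RE.match(line)
        if m and m.group(1) in LOCKDOWN_POLICIES and m.group(2) != "0":
            findings.append(("high", "policy_lockdown", line))
        m = DRIVER_RE.match(line)
        # Boot (S0) or system (S1) start drivers whose file DDS could not read
        if m and m.group(1) in ("0", "1") and m.group(5) == "[?]":
            findings.append(("high", "boot_driver_unverifiable", line))
        # Path-based rules, de-duplicated per line (driver lines repeat the path)
        hits = {r for path in EXEC_PATH_RE.findall(line) for r in path_rules(path)}
        findings.extend((sev, rule, line) for sev, rule in sorted(hits))
    return findings


def rule_counts(text):
    """Count findings per rule, handy for a one-line summary."""
    return Counter(rule for _, rule, _ in triage(text))


if __name__ == "__main__":
    for sev, rule, line in triage(SAMPLE_LOG):
        print(f"{sev:8} {rule:26} {line}")
    print(dict(rule_counts(SAMPLE_LOG)))
```

Paste a real DDS.txt in place of SAMPLE_LOG and the same rules apply to the Running Processes section too, since the path checks fire on any line carrying an executable path. The rules only surface the indicators farbar points at; they say nothing about whether the files are Virut-infected, which is a question for a scanner, not a log parser.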

#3 Farbar (Security Developer, 21,711 posts, The Netherlands)

Posted 14 May 2009 - 04:16 PM

This thread will now be closed.

If you should have a new issue, please start a new topic.
