Infected Computer, please help...


  • This topic is locked
2 replies to this topic

#1 GeorgeSmythe


Posted 02 August 2009 - 08:48 AM

My computer became infected; the desktop was hijacked with a message that "Your computer is infected, etc...." I restored the computer to an earlier date. This removed the desktop problem, but the computer is now slow and has 41 processes running.
Please help.

Logs below:

------------------------------------------------------------------------------------------------------------------------------------





DDS (Ver_09-07-30.01) - NTFSx86
Run by Beth at 9:39:14.01 on Sun 08/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1460 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Beth\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.baisidirect.com/live/login_selfDirected.jspv
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\beth\start menu\programs\startup\Dragon NaturallySpeaking.lnk.disabled
StartupFolder: c:\docume~1\beth\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - c:\program files\ma311 pci adapter configuration utility\wlanutil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} - hxxp://www.toolkitcma.com/tkweb/tkweb.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148663182501
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\beth\applic~1\mozilla\firefox\profiles\xzh3k2s9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npaxctrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-17 114768]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-5-14 3968]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-12-7 138680]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-12-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-12-7 352920]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [2009-7-31 54784]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-07-31 17:55 54,784 a------- c:\windows\system32\drivers\ma311n51.sys
2009-07-31 17:55 <DIR> --d----- c:\program files\MA311 PCI Adapter Configuration Utility
2009-07-31 17:19 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-31 13:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\18260004
2009-07-26 20:50 85 a------- c:\windows\system32\vsfoceopumppjc.dat

==================== Find3M ====================

2009-07-18 12:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 12:00 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-06-22 07:40 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2009-06-16 12:37 9,250 a------- c:\docume~1\beth\applic~1\wklnhst.dat
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 11:03 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2008-09-25 07:54 4,354 a------- c:\docume~1\beth\applic~1\SAS7_000.DAT

============= FINISH: 9:39:42.32 ===============


---------------------------------------------------------------------------------------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2006 9:29:19 AM
System Uptime: 8/2/2009 8:59:39 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2792/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 17.415 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.536 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP867: 7/26/2009 8:50:05 PM - Software Distribution Service 3.0
RP868: 7/26/2009 8:50:05 PM - System Checkpoint
RP869: 7/26/2009 8:50:05 PM - System Checkpoint
RP870: 7/26/2009 8:50:05 PM - System Checkpoint
RP871: 7/26/2009 8:50:06 PM - System Checkpoint
RP872: 7/26/2009 8:50:06 PM - System Checkpoint
RP873: 7/26/2009 8:50:06 PM - System Checkpoint
RP874: 7/26/2009 8:50:06 PM - System Checkpoint
RP875: 7/26/2009 8:50:06 PM - System Checkpoint
RP876: 7/26/2009 8:50:07 PM - System Checkpoint
RP877: 7/26/2009 8:50:07 PM - System Checkpoint
RP878: 7/26/2009 8:50:07 PM - System Checkpoint
RP879: 7/26/2009 8:50:07 PM - System Checkpoint
RP880: 7/26/2009 8:50:08 PM - System Checkpoint
RP881: 7/26/2009 8:50:08 PM - Software Distribution Service 3.0
RP882: 7/26/2009 8:50:08 PM - System Checkpoint
RP883: 7/26/2009 8:50:09 PM - System Checkpoint
RP884: 7/26/2009 8:50:09 PM - System Checkpoint
RP885: 7/26/2009 8:50:09 PM - System Checkpoint
RP886: 7/26/2009 8:50:09 PM - System Checkpoint
RP887: 7/26/2009 8:50:09 PM - System Checkpoint
RP888: 7/26/2009 8:50:09 PM - System Checkpoint
RP889: 7/26/2009 8:50:10 PM - System Checkpoint
RP890: 7/26/2009 8:50:10 PM - System Checkpoint
RP891: 7/26/2009 8:50:10 PM - System Checkpoint
RP892: 7/26/2009 8:50:10 PM - System Checkpoint
RP893: 7/26/2009 8:50:10 PM - System Checkpoint
RP894: 7/26/2009 8:50:11 PM - System Checkpoint
RP895: 7/26/2009 8:50:12 PM - System Checkpoint
RP896: 7/26/2009 8:50:13 PM - System Checkpoint
RP897: 7/26/2009 8:50:13 PM - System Checkpoint
RP898: 7/26/2009 8:50:14 PM - System Checkpoint
RP899: 7/26/2009 8:50:15 PM - System Checkpoint
RP900: 7/26/2009 8:50:17 PM - System Checkpoint
RP901: 7/26/2009 8:50:18 PM - System Checkpoint
RP902: 7/26/2009 8:50:20 PM - System Checkpoint
RP903: 7/26/2009 8:50:22 PM - System Checkpoint
RP904: 7/26/2009 8:50:23 PM - System Checkpoint
RP905: 7/26/2009 8:50:24 PM - System Checkpoint
RP906: 7/26/2009 8:50:24 PM - System Checkpoint
RP907: 6/9/2009 1:22:42 PM - System Checkpoint
RP908: 6/10/2009 2:14:53 PM - System Checkpoint
RP909: 6/11/2009 3:00:31 AM - Software Distribution Service 3.0
RP910: 6/12/2009 3:18:04 AM - System Checkpoint
RP911: 6/13/2009 4:18:03 AM - System Checkpoint
RP912: 6/14/2009 5:18:03 AM - System Checkpoint
RP913: 6/15/2009 5:45:45 AM - System Checkpoint
RP914: 6/16/2009 5:57:16 AM - System Checkpoint
RP915: 6/17/2009 6:53:13 AM - System Checkpoint
RP916: 6/18/2009 6:58:18 AM - System Checkpoint
RP917: 6/19/2009 7:57:13 AM - System Checkpoint
RP918: 6/20/2009 8:57:14 AM - System Checkpoint
RP919: 6/21/2009 9:02:00 AM - System Checkpoint
RP920: 6/22/2009 9:37:18 AM - System Checkpoint
RP921: 6/23/2009 12:05:47 PM - System Checkpoint
RP922: 6/24/2009 12:55:46 PM - System Checkpoint
RP923: 6/25/2009 1:55:46 PM - System Checkpoint
RP924: 6/26/2009 3:33:46 PM - System Checkpoint
RP925: 6/27/2009 3:55:50 PM - System Checkpoint
RP926: 6/28/2009 4:55:47 PM - System Checkpoint
RP927: 6/29/2009 5:55:48 PM - System Checkpoint
RP928: 6/30/2009 6:55:49 PM - System Checkpoint
RP929: 7/1/2009 7:55:49 PM - System Checkpoint
RP930: 7/2/2009 8:55:49 PM - System Checkpoint
RP931: 7/3/2009 9:55:49 PM - System Checkpoint
RP932: 7/4/2009 10:55:49 PM - System Checkpoint
RP933: 7/5/2009 11:55:49 PM - System Checkpoint
RP934: 7/7/2009 12:53:43 AM - System Checkpoint
RP935: 7/10/2009 3:47:33 PM - System Checkpoint
RP936: 7/11/2009 4:01:04 PM - System Checkpoint
RP937: 7/12/2009 4:34:07 PM - System Checkpoint
RP938: 7/13/2009 5:34:07 PM - System Checkpoint
RP939: 7/14/2009 6:34:07 PM - System Checkpoint
RP940: 7/15/2009 3:00:21 AM - Software Distribution Service 3.0
RP941: 7/16/2009 3:34:07 AM - System Checkpoint
RP942: 7/17/2009 4:34:07 AM - System Checkpoint
RP943: 7/18/2009 5:34:07 AM - System Checkpoint
RP944: 7/19/2009 6:34:07 AM - System Checkpoint
RP945: 7/20/2009 7:46:37 AM - System Checkpoint
RP946: 7/21/2009 9:43:37 AM - System Checkpoint
RP947: 7/22/2009 4:31:33 PM - System Checkpoint
RP948: 7/23/2009 4:33:37 PM - System Checkpoint
RP949: 7/24/2009 5:20:11 PM - System Checkpoint
RP950: 7/25/2009 6:20:07 PM - System Checkpoint
RP951: 7/26/2009 7:20:07 PM - System Checkpoint
RP952: 7/27/2009 8:02:38 PM - System Checkpoint
RP953: 7/28/2009 9:02:37 PM - System Checkpoint
RP954: 7/29/2009 3:00:18 AM - Software Distribution Service 3.0
RP955: 7/30/2009 3:11:09 AM - System Checkpoint
RP956: 7/31/2009 4:11:08 AM - System Checkpoint
RP957: 7/31/2009 4:41:34 PM - Restore Operation
RP958: 7/31/2009 4:49:21 PM - Removed Digital Content Portal
RP959: 7/31/2009 4:51:19 PM - Restore Operation
RP960: 7/31/2009 4:58:41 PM - Restore Operation
RP961: 7/31/2009 5:14:10 PM - Restore Operation
RP962: 7/31/2009 5:27:07 PM - Restore Operation
RP963: 7/31/2009 5:54:58 PM - Installed MA311 Device Driver and Configuration Utility
RP964: 7/31/2009 10:04:42 PM - Software Distribution Service 3.0
RP965: 8/1/2009 8:32:15 AM - Software Distribution Service 3.0
RP966: 8/2/2009 9:21:28 AM - Removed PC Inspector File Recovery

==== Installed Programs ======================


5500
5500_Help
5500Tour
5500Trb
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Reader 7.0.7
Adobe Shockwave Player
AiO_Scan
AiOSoftware
Amazing Slow Downer (remove only)
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Audio Companion (remove only)
AutoUpdate
avast! Antivirus
AVG Anti-Spyware 7.5
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Copy
Corel Photo Album 6
CreativeProjects
CreativeProjectsTemplates
CueTour
dBpoweramp Music Converter
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Destinations
DGOControls
Digital Content Portal
Director
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
Dragon NaturallySpeaking 9
EarMaster Pro 5
Extended Language Support Fonts Package
Fax
FileZilla (remove only)
Form Viewer
GBET 1.6.1.3
Google Video Player
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB952287)
HP Diagnostic Assistant
HP Driver Diagnostics
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
Image Resizer Powertoy for Windows XP
InstantShare
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
MA311 Device Driver and Configuration Utility
Macromedia Flash Player
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
MCU
Merriam-Webster
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetZeroInstallers
Overland
PhotoGallery
Power Tab Editor 1.7
PrintScreen
ProductContext
PurgeIE - 7.04
QFolder
Qualxserve Service Agreement
QuickProjects
QuickTime
Readme
RealPlayer
RogueRemover 1.18
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
SkinsHP1
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Sweet MIDI Player 32 (remove only)
Sweet Sixteen 32 (remove only)
ToolkitCMA
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wvaiper
TurboTax Deluxe Deduction Maximizer 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2006
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
WD Diagnostics
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

7/31/2009 9:05:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/31/2009 9:03:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00095B12217C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/31/2009 4:28:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
7/31/2009 4:28:29 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2009 4:27:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/31/2009 4:26:16 PM, error: Service Control Manager [7000] - The Application Management service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
7/31/2009 4:26:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/31/2009 4:25:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/31/2009 4:25:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi AVG Anti-Spyware Driver Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
7/31/2009 4:25:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/31/2009 4:25:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/31/2009 4:25:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/31/2009 4:25:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/31/2009 4:25:27 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/31/2009 4:25:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/31/2009 4:24:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/31/2009 4:18:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
7/31/2009 4:18:42 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2009 4:17:42 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/31/2009 4:16:41 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/31/2009 4:15:41 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/31/2009 4:03:49 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 4:03:47 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
7/31/2009 4:03:40 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
7/31/2009 4:01:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
7/31/2009 4:01:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PurgeIE XP Service service to connect.
7/31/2009 4:01:18 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2009 4:01:18 PM, error: Service Control Manager [7000] - The PurgeIE XP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2009 2:44:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/31/2009 2:44:35 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2009 2:44:31 PM, error: Service Control Manager [7022] - The AVG Anti-Spyware Guard service hung on starting.
7/31/2009 2:40:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/31/2009 2:39:59 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 2:34:29 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 2:34:29 PM, error: Service Control Manager [7034] - The PurgeIE XP Service service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 2:34:29 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 2:34:29 PM, error: Service Control Manager [7034] - The AVG Anti-Spyware Guard service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 2:34:29 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2009 8:09:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
7/27/2009 8:09:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/26/2009 8:53:07 PM, error: System Error [1003] - Error code 00000077, parameter1 00000001, parameter2 00000000, parameter3 00000000, parameter4 b01c8c4c.

==== End Of File ===========================




------------------------------------------------------------------------------------------------------------------------------------



#2 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:18 PM

Posted 10 August 2009 - 10:07 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:18 PM

Posted 15 August 2009 - 06:52 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
