Removed a virus but computer still not running right



#1 domorato


Posted 27 October 2009 - 12:43 PM

Hello,


This computer had a rootkit and some viruses on it. I tried to remove them myself. I don't know if everything is gone yet because the computer is still not running like it used to. I ran the DDS program, but the RootRepeal program will not run on this computer for some reason. RootRepeal never gets past initializing.



DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2004 3:12:46 PM
System Uptime: 10/27/2009 12:59:34 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | Explorer4
Processor: AMD Athlon™ XP 3200+ | Socket A | 2191/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 145 GiB total, 69.066 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.521 GiB free.
E: is Removable
F: is CDROM ()
G: is Removable
H: is CDROM ()
I: is Removable
J: is Removable
L: is Removable
O: is Removable
P: is Removable
Q: is Removable
R: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1853: 10/26/2009 11:10:36 AM - System Checkpoint
RP1854: 10/26/2009 3:52:24 PM - Installed Java™ 6 Update 15
RP1855: 10/26/2009 5:28:18 PM - Revo Uninstaller's restore point - AnyDVD
RP1856: 10/26/2009 5:28:28 PM - Remove AnyDVD

==== Installed Programs ======================


1Click DVD Copy 4.1
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Ad-Aware SE Professional
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe PageMaker 7.0
Adobe Reader 7.0.7
Advanced System Optimizer 2.10
AnyDVD
Apple Software Update
AQUAZONE "Seven Seas Collection"
Authentium AntiVirus SDK - 2
AviSynth 2.5
Belarc Advisor 7.2
Belkin Network USB Hub Control Center
BigFix
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blue's 123 Time Activities
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Brownstone Equation Editor 5
Caillou® Magic Playhouse™
Calling all Titans! (remove only)
CheckIt Diagnostics
CloneDVD 3.5
Command & Conquer The First Decade
Command & Conquer™ The First Decade Patch 1.02
CopyToDVD
Critical Update for Windows Media Player 11 (KB959772)
D-Link USB Phone Adapter
Diploma
Disk Heal
DivX Content Uploader
DivX Web Player
Dora Backpack
DVD Decrypter (Remove Only)
DVD X Copy Platinum 4.0.3
DVD X Rescue
Easy CD Clone
Easy Internet Sign-up
eBoostr 3
Enhanced Multimedia Keyboard Solution
EPSON CardMonitor
EPSON PhotoCenter
EPSON PhotoStarter3.0
EPSON PictureMate User's Guide
EPSON Printer Software
Excavation from Hewlett-Packard Desktops (remove only)
eXplorist Wizard
Film Factory
FinalAlert 2 Yuri's Revenge
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Gallery Remote
GameSpy Arcade
GammonEmpire
Glary Utilities 2.16.0.758
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Home Legal Advisor
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Update
HPIZ350
HPSSupply
IGN Download Manager 2.2.2
Impulse
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iolo AntiVirus
iolo technologies' System Mechanic
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 15
JumpStart Toddlers
KEDDS
Kid Pix Deluxe 3
Kids Next Door
Kodak EasyShare software
KODAK Gallery Upload Software
Lavasoft VX2 Cleaner
LeapFrog Connect
LeapFrog Didj Plugin
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 5200 Series
Lexmark Fax Solutions
Linksys EasyLink Advisor 1.5 (1010)
Macromedia Shockwave Player
MAIET entertainment - Gunz
Malwarebytes' Anti-Malware
MapSend DirectRoute North America
MapSend Manager
Math Advantage 2000
MaxBlast 4
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.8
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.5.3)
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nero 7 Premium
neroxml
netbrdg
Norton PartitionMagic 8.0
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Ethernet Driver
NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
PeerGuardian 2.0
Perfect Attorney
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Print Perfect Deluxe
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
Rappelz Epic3
RealPlayer
RecordNow!
Registry Mechanic 8.0
RenGuard
Rental Property Manager v2
Revo Uninstaller 1.75
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
Shop for HP Supplies
Sins of a Solar Empire
Skype 3.0
Skype Plugin Manager
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
SwiftView Viewer
TaxCut Deluxe 2005
Test Package
TestCheck
TestGen
TestGen-EQ
TestGen-EQ Plug-in from IE
Tobey Slater, Intermediate Algebra 4e
Toolkit View(HP)
Turbo Lister
Ulead CD & DVD PictureShow 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Updates from HP
VideoNow Media Wizard
Viewpoint Media Player
Walmart MP3 Music Downloads
Westwood Online
Win994a Application Suite
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
World of Kaneva Phase 1
Yahoo! Music Engine
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

10/26/2009 3:06:20 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/26/2009 3:06:02 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 3:05:59 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 3:05:54 PM, error: Service Control Manager [7034] - The eBoostr Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 3:05:46 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 3:05:46 PM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 2:57:55 PM, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 2:57:55 PM, error: Service Control Manager [7034] - The iolo FileInfoList Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 2:57:48 PM, error: Service Control Manager [7034] - The dvpapi service terminated unexpectedly. It has done this 1 time(s).
10/26/2009 2:56:40 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).
10/26/2009 2:56:16 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/25/2009 7:20:25 PM, error: Service Control Manager [7023] - The dvpapi service terminated with the following error: The class is configured to run as a security id different from the caller
10/25/2009 7:07:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k SISAGP viaagp1
10/25/2009 7:07:52 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
10/25/2009 7:07:50 PM, error: Service Control Manager [7022] - The dvpapi service hung on starting.
10/25/2009 7:06:21 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
10/25/2009 3:01:33 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB921596).
10/24/2009 8:54:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/24/2009 6:18:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/24/2009 5:45:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 BANTExt Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip WS2IFSL
10/24/2009 5:45:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
10/24/2009 5:45:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/24/2009 5:45:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/24/2009 5:45:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
10/24/2009 5:45:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/24/2009 5:30:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 13:12:46.03 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.111 [GMT -4:00]

AV: iolo AntiVirus® *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/P...000022.0000004e
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [NvCplDaemon] c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe"
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [EPSON PictureMate] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2P1.EXE" /P17 EPSON PictureMate /O6 USB002 /M PictureMate
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [DVDTray] "c:\program files\hp" dvd\umbrella\DVDTray.exe
mRun: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [iolo AntiVirus] "c:\program files\iolo\antivirus\ioloAV.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\iavlsp.dll
Trusted Zone: moove.com
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136144209406
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} - hxxps://loandocs.swiftsend.com/RedirectHTTP.html?url=http%3A%2F%2Floandocs.swiftsend.com%2Fcomponent%2Fsview-6.2.2%2Fsvinstall_a_stat_ics.cab%23Version%3D5%2C3%2C4%2C0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qnrdsgam.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qnrdsgam.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-5-20 125544]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [2006-8-17 14888]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-1-1 3744]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2009-5-20 639616]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-17 609792]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-17 609792]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-8-14 98304]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2009-2-4 991232]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-1-1 3904]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2007-9-27 79232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-18 24652]
S2 mrtRate;mrtRate; [x]
S3 rtrepeal;rtrepeal;c:\windows\system32\drivers\rtrepeal.sys [2009-10-26 34816]
S3 slusbvip;SmartLink USB Driver;c:\windows\system32\drivers\slusbvip.sys [2006-8-17 546120]
S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [2006-8-17 43248]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-26 20:29:05 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-10-26 19:52:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-26 19:52:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-26 19:21:35 77312 ----a-w- c:\windows\MBR.exe
2009-10-26 18:58:55 34816 ----a-w- c:\windows\system32\drivers\rtrepeal.sys
2009-10-26 17:56:20 0 d-----w- c:\program files\Trend Micro
2009-10-26 17:24:29 0 d-----w- c:\docume~1\alluse~1\applic~1\eboostr
2009-10-26 17:24:14 0 d-----w- c:\program files\eBoostr
2009-10-26 15:46:23 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 01:18:45 0 d-----w- c:\documents and settings\owner\DoctorWeb
2009-10-24 22:00:13 0 d-----w- C:\CboFx
2009-10-24 21:35:01 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-24 21:31:20 0 d-----w- c:\windows\ERUNT
2009-10-24 19:11:34 0 d-----w- C:\SDFix
2009-10-24 17:28:30 98816 ----a-w- c:\windows\sed.exe
2009-10-24 17:28:30 236544 ----a-w- c:\windows\PEV.exe
2009-10-24 17:28:30 161792 ----a-w- c:\windows\SWREG.exe
2009-10-24 17:00:07 0 d-----w- C:\trythese
2009-10-24 06:22:38 0 d-----w- C:\$RECYCLE.BIN
2009-10-24 00:03:47 0 d-----w- c:\program files\Rental Property Manager 2
2009-10-17 14:28:27 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-09-28 18:20:43 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

==================== Find3M ====================

2009-09-26 17:57:34 25768 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 14:29:52 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-08-28 14:29:44 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-08-26 19:42:00 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 19:42:00 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2008-10-05 23:42:49 19403584 ----a-w- c:\program files\IA5T.BOK
2008-10-05 23:42:39 5008 ----a-w- c:\program files\userpref.tpr
2008-10-05 23:42:39 15008 ----a-w- c:\program files\EXAM.TPR
2008-10-05 23:41:36 71611 ----a-w- c:\program files\uninstal.log
2004-11-24 13:52:47 300 ----a-w- c:\program files\title1.cfg
2003-12-19 17:19:58 347329 ----a-w- c:\program files\stub.exe
2003-12-18 13:19:55 5897216 ----a-w- c:\program files\TestGen.exe
2003-12-17 14:23:56 30 ----a-w- c:\program files\version.ini
2003-12-09 18:51:59 106496 ----a-w- c:\program files\TGEdit.dat
2003-12-09 17:26:48 61440 ----a-w- c:\program files\tgnew.dat
2003-12-09 17:20:50 61440 ----a-w- c:\program files\funcplot.dat
2003-12-09 17:20:40 102400 ----a-w- c:\program files\pgtest.dat
2003-12-09 17:20:31 20480 ----a-w- c:\program files\qmeqmail.dat
2003-12-09 17:20:22 45056 ----a-w- c:\program files\qmequtil.dat
2003-12-09 17:20:13 77824 ----a-w- c:\program files\qmeq.dat
2003-12-09 17:19:54 4096 ----a-w- c:\program files\splash.dat
2003-12-09 17:19:17 12288 ----a-w- c:\program files\tgcheck.dat
2003-12-09 17:18:41 204800 ----a-w- c:\program files\tgwin.dat
2003-12-09 17:18:24 20480 ----a-w- c:\program files\tgmenu.dat
2003-12-09 17:18:04 20480 ----a-w- c:\program files\TGLib.dat
2003-11-24 15:48:32 197688 ----a-w- c:\program files\Title1.bmp
2001-12-12 19:19:58 29884 ----a-w- c:\program files\TGEQASI.TTF
2001-12-12 19:19:50 30820 ----a-w- c:\program files\TGEQAS.TTF
2001-12-12 19:18:44 35592 ----a-w- c:\program files\TGEQS.TTF
2001-12-12 19:18:36 30340 ----a-w- c:\program files\TGEQM.TTF
2001-12-12 19:18:28 44400 ----a-w- c:\program files\TGEQABI.TTF
2001-12-12 19:18:18 46384 ----a-w- c:\program files\TGEQAB.TTF
2001-12-12 19:18:04 45748 ----a-w- c:\program files\TGEQAI.TTF
2001-12-12 19:17:52 46324 ----a-w- c:\program files\TGEQA.TTF
1999-05-25 18:07:14 766 ----a-w- c:\program files\book.ico
1999-05-25 18:06:10 766 ----a-w- c:\program files\test.ico
1999-03-15 18:50:16 90112 ----a-w- c:\program files\ndgw.dat
1999-03-07 21:35:14 110592 ----a-w- c:\program files\ndtkit.dat
1999-03-07 21:32:38 81920 ----a-w- c:\program files\ndvgm.dat
1999-01-25 21:08:32 4096 ----a-w- c:\program files\nd.dat
1999-01-25 21:08:32 16384 ----a-w- c:\program files\ndcore.dat
1999-01-25 21:08:32 12288 ----a-w- c:\program files\ndres.dat
1997-02-15 04:50:18 259249 ----a-w- c:\program files\usadict
2004-09-07 04:50:05 0 --sha-w- c:\windows\sminst\HPCD.sys
2008-06-30 07:07:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008063020080701\index.dat

============= FINISH: 13:13:54.82 ===============



#2 Elise


Posted 03 November 2009 - 04:14 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • GMER log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise


Posted 08 November 2009 - 04:07 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic to be re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




