
Help I'm infected TROJAN.DROPPER


  • This topic is locked
40 replies to this topic

#1 ckirk

ckirk

  • Members
  • 146 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 04 February 2010 - 07:06 AM

Do Not Move This Topic-MG




I have an XP platform and Firefox browser.

The first I noticed that something was wrong is when I couldn't close windows and red shields started replicating in my systray [from a green shield].

I immediately shut down and rebooted in safe mode and ran Malwarebytes [didn't catch anything] and then SuperAntispyware [caught trojan dropper].

I use Avast for virus protection but it didn't catch this one and has apparently bit the dust because it could not reach the update server. I uninstalled and reinstalled but it is still hosed. Continuously unable to reach the server [internet] to update. I've checked firewalls and it has an exception.

Weather Bug can't update but I don't have any problem getting to the internet. Bizarre. In fact, I'm using it now but with just a little concern.

There are still funny things happening. Some of my ports don't work.
[Sorry...couldn't get screen shots.]

Where should I start?? Sorry it all happened so fast and all I could think was to start in safe mode and scan with my malwares.


Malwarebytes' Anti-Malware 1.41
Database version: 3125
Windows 5.1.2600 Service Pack 3 (Safe Mode)

2/2/2010 10:04:35 AM
mbam-log-2010-02-02 (10-04-35).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 254972
Time elapsed: 1 hour(s), 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2010 at 10:27 AM

Application Version : 4.33.1000

Core Rules Database Version : 4162
Trace Rules Database Version: 2358

Scan type : Quick Scan
Total Scan Time : 00:07:00

Memory items scanned : 185
Memory threats detected : 0
Registry items scanned : 476
Registry threats detected : 3
File items scanned : 8141
File threats detected : 2

Trojan.Dropper/Gen
[jkptndns] C:\DOCUMENTS AND SETTINGS\CARYL\LOCAL SETTINGS\APPLICATION DATA\ORWMOW\ORHOSFTAV.EXE
C:\DOCUMENTS AND SETTINGS\CARYL\LOCAL SETTINGS\APPLICATION DATA\ORWMOW\ORHOSFTAV.EXE
[jkptndns] C:\DOCUMENTS AND SETTINGS\CARYL\LOCAL SETTINGS\APPLICATION DATA\ORWMOW\ORHOSFTAV.EXE
C:\WINDOWS\Prefetch\ORHOSFTAV.EXE-2ABEA05C.pf

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1708537768-57989841-725345543-1004\SOFTWARE\FunWebProducts

DO NOT MOVE THIS TOPIC-MG

Edited by garmanma, 04 February 2010 - 12:03 PM.


#2 ckirk

ckirk
  • Topic Starter

  • Members
  • 146 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 04 February 2010 - 10:06 AM

Maurice Naggar
HJT Team

Should I be posting to the forum??

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:10:28 AM

Posted 04 February 2010 - 10:41 AM

Yes, post your issues and logs only on this thread here.

As I mentioned by PM, see this topic http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
do the preliminaries
and post the DDS.txt log
Attach.txt
and RootRepeal log also in your next reply in -this- thread only.

And please be patient.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4 ckirk

ckirk
  • Topic Starter

  • Members
  • 146 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 04 February 2010 - 12:03 PM

HERE THEY ARE...

RootRepeal log
ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/02/04 10:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4F5D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE10000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2D91000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\caryl\local settings\temp\wera83d.dir00\firefox.exe.hdmp
Status: Allocation size mismatch (API: 138608640, Raw: 0)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4ff56b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70a4

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70ae

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d709f

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4ff514c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70b3

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70b8

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70c7

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4ff508c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4ff50f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70c2

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70bd

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4ff572e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70a9

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb50b20b0

==EOF==
DDS.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by Caryl at 9:54:08.01 on Thu 02/04/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.1878 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 100202-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe
C:\Program Files\PermissionTV\bin\dmtray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Caryl\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [cdloader] "c:\documents and settings\caryl\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [DLUPDR] "c:\program files\dell printers\additional color laser software\updater\DLUPDR.EXE"
mRun: [DLQLU] "c:\program files\dell printers\additional color laser software\launcher\DLQLU.EXE" /S
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\caryl\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\caryl\startm~1\programs\startup\santar~1.lnk - c:\program files\permissiontv\bin\dmtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\caryl\applic~1\mozilla\firefox\profiles\aqk5547k.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\documents and settings\caryl\application data\mozilla\firefox\profiles\aqk5547k.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\caryl\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-2 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-2 138680]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2010-1-31 140184]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\permis~1\bin\dm.exe [2008-10-27 213053]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-2 352920]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\caryl\my documents\downloads\sabkutil.sys --> c:\documents and settings\caryl\my documents\downloads\SABKUTIL.sys [?]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-2-20 36304]

=============== Created Last 30 ================

2010-02-04 13:30:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 13:30:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 13:30:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 19:58:09 177456 ----a-w- c:\windows\system32\dlsrm.dll
2010-01-31 19:57:34 135268 ----a-w- c:\windows\system32\DLPSCBML.DLL
2010-01-31 19:56:55 135266 ----a-w- c:\windows\system32\dlxbmzil.dll
2010-01-31 18:15:40 0 d-----w- c:\program files\common files\Jasc Software Inc
2010-01-31 18:15:11 12424 ----a-w- c:\windows\system32\LexFiles.ulf
2010-01-31 18:14:31 40960 ----a-r- c:\windows\system32\dlcjvs.dll
2010-01-31 18:14:28 1448 ----a-r- c:\windows\system32\dlcj.loc
2010-01-31 18:12:25 0 d-----w- c:\program files\Dell Photo AIO Printer 964
2010-01-31 13:51:05 0 d-----w- C:\col3927
2010-01-31 13:17:58 0 d-----w- c:\program files\hp deskjet 845c series
2010-01-31 13:11:52 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-01-31 13:11:52 0 d-----w- c:\windows\system32\Adobe
2010-01-29 22:45:26 0 d-----w- c:\program files\Dell Printers
2010-01-27 19:52:06 0 d-----w- c:\program files\SoftSoft
2010-01-22 15:08:24 0 d-----w- c:\program files\iFinger
2010-01-13 04:30:16 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-31 18:13:09 77964 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-31 14:38:33 809 ---ha-w- c:\documents and settings\caryl\hpothb07.dat
2010-01-25 23:25:26 6948 ----a-w- c:\docume~1\caryl\applic~1\wklnhst.dat
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2008-12-05 15:59:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120520081206\index.dat

============= FINISH: 9:54:33.46 ===============

Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2008 9:47:47 AM
System Uptime: 2/2/2010 12:13:41 PM (45 hours ago)

Motherboard: Intel Corporation | | DP965LT
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | LGA 775 | 2397/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 400.818 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 354.672 GiB free.
H: is Removable
Z: is NetworkDisk (NTFS) - 144 GiB total, 82.138 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP664: 11/6/2009 12:29:15 PM - System Checkpoint
RP665: 11/7/2009 1:30:20 PM - System Checkpoint
RP666: 11/8/2009 9:15:59 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP667: 11/8/2009 12:03:18 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP668: 11/8/2009 4:13:56 PM - Software Distribution Service 3.0
RP669: 11/9/2009 8:17:43 AM - Software Distribution Service 3.0
RP670: 11/10/2009 8:23:01 AM - System Checkpoint
RP671: 11/10/2009 3:05:13 PM - Removed SUPERAntiSpyware Free Edition
RP672: 11/10/2009 3:06:35 PM - Installed SUPERAntiSpyware Professional
RP673: 11/10/2009 3:36:46 PM - Software Distribution Service 3.0
RP674: 11/11/2009 4:11:08 PM - System Checkpoint
RP675: 11/12/2009 4:17:11 PM - System Checkpoint
RP676: 11/13/2009 5:29:10 PM - System Checkpoint
RP677: 11/14/2009 1:36:20 PM - Software Distribution Service 3.0
RP678: 11/15/2009 2:18:22 PM - System Checkpoint
RP679: 11/16/2009 2:26:12 PM - System Checkpoint
RP680: 11/17/2009 3:18:23 PM - System Checkpoint
RP681: 11/18/2009 3:29:17 PM - System Checkpoint
RP682: 11/19/2009 9:21:24 AM - Software Distribution Service 3.0
RP683: 11/20/2009 2:09:39 PM - System Checkpoint
RP684: 11/21/2009 2:49:03 PM - System Checkpoint
RP685: 11/22/2009 3:34:00 PM - System Checkpoint
RP686: 11/23/2009 4:20:05 PM - System Checkpoint
RP687: 11/24/2009 5:08:04 PM - System Checkpoint
RP688: 11/25/2009 8:08:16 AM - Removed Bonjour
RP689: 11/25/2009 8:09:26 AM - Removed Safari
RP690: 11/25/2009 8:12:57 AM - Software Distribution Service 3.0
RP691: 11/26/2009 9:32:03 AM - System Checkpoint
RP692: 11/27/2009 11:09:50 AM - System Checkpoint
RP693: 11/28/2009 11:11:18 AM - System Checkpoint
RP694: 11/29/2009 11:23:22 AM - System Checkpoint
RP695: 11/30/2009 12:12:27 PM - System Checkpoint
RP696: 12/1/2009 12:24:40 PM - System Checkpoint
RP697: 12/2/2009 1:23:22 PM - System Checkpoint
RP698: 12/3/2009 4:30:33 PM - System Checkpoint
RP699: 12/4/2009 5:19:29 PM - System Checkpoint
RP700: 12/5/2009 5:40:00 PM - System Checkpoint
RP701: 12/6/2009 6:39:59 PM - System Checkpoint
RP702: 12/7/2009 7:39:59 PM - System Checkpoint
RP703: 12/8/2009 8:29:04 PM - System Checkpoint
RP704: 12/9/2009 8:39:59 PM - System Checkpoint
RP705: 12/10/2009 3:00:14 AM - Software Distribution Service 3.0
RP706: 12/11/2009 3:23:54 AM - System Checkpoint
RP707: 12/12/2009 4:35:53 AM - System Checkpoint
RP708: 12/13/2009 5:23:53 AM - System Checkpoint
RP709: 12/14/2009 6:35:53 AM - System Checkpoint
RP710: 12/15/2009 7:35:53 AM - System Checkpoint
RP711: 12/16/2009 7:37:03 AM - System Checkpoint
RP712: 12/17/2009 7:54:41 AM - System Checkpoint
RP713: 12/18/2009 8:37:08 AM - System Checkpoint
RP714: 12/19/2009 9:49:07 AM - System Checkpoint
RP715: 12/20/2009 10:39:02 AM - System Checkpoint
RP716: 12/21/2009 11:49:07 AM - System Checkpoint
RP717: 12/22/2009 12:54:57 PM - System Checkpoint
RP718: 12/23/2009 1:37:07 PM - System Checkpoint
RP719: 12/24/2009 2:07:08 PM - System Checkpoint
RP720: 12/25/2009 2:33:55 PM - System Checkpoint
RP721: 12/26/2009 2:49:10 PM - System Checkpoint
RP722: 12/27/2009 3:49:11 PM - System Checkpoint
RP723: 12/28/2009 4:49:11 PM - System Checkpoint
RP724: 12/29/2009 5:37:11 PM - System Checkpoint
RP725: 12/30/2009 6:49:10 PM - System Checkpoint
RP726: 12/31/2009 7:49:12 PM - System Checkpoint
RP727: 1/1/2010 8:49:12 PM - System Checkpoint
RP728: 1/2/2010 9:49:12 PM - System Checkpoint
RP729: 1/3/2010 10:37:12 PM - System Checkpoint
RP730: 1/4/2010 10:49:12 PM - System Checkpoint
RP731: 1/5/2010 11:37:12 PM - System Checkpoint
RP732: 1/6/2010 11:49:12 PM - System Checkpoint
RP733: 1/8/2010 12:37:11 AM - System Checkpoint
RP734: 1/9/2010 2:43:00 PM - Software Distribution Service 3.0
RP735: 1/10/2010 3:37:11 PM - System Checkpoint
RP736: 1/11/2010 4:25:10 PM - System Checkpoint
RP737: 1/12/2010 5:37:10 PM - System Checkpoint
RP738: 1/13/2010 3:00:14 AM - Software Distribution Service 3.0
RP739: 1/14/2010 3:35:15 AM - System Checkpoint
RP740: 1/15/2010 10:09:39 AM - System Checkpoint
RP741: 1/16/2010 11:21:26 AM - System Checkpoint
RP742: 1/17/2010 12:09:26 PM - System Checkpoint
RP743: 1/18/2010 1:21:26 PM - System Checkpoint
RP744: 1/19/2010 2:21:26 PM - System Checkpoint
RP745: 1/20/2010 3:37:15 PM - System Checkpoint
RP746: 1/21/2010 3:00:14 AM - Software Distribution Service 3.0
RP747: 1/22/2010 3:00:14 AM - Software Distribution Service 3.0
RP748: 1/22/2010 9:08:23 AM - Installed iFinger
RP749: 1/23/2010 9:40:03 AM - System Checkpoint
RP750: 1/24/2010 10:26:54 AM - System Checkpoint
RP751: 1/25/2010 11:09:25 AM - System Checkpoint
RP752: 1/26/2010 11:47:59 AM - System Checkpoint
RP753: 1/27/2010 1:21:26 PM - System Checkpoint
RP754: 1/28/2010 11:22:33 AM - Removed Adobe Photoshop CS2
RP755: 1/29/2010 11:27:00 AM - System Checkpoint
RP756: 1/29/2010 4:45:45 PM - Installed Dell Printer Software
RP757: 1/31/2010 6:26:21 AM - System Checkpoint
RP758: 1/31/2010 7:52:19 AM - Installed HP Photo and Imaging 2.0 - Scanners
RP759: 1/31/2010 8:19:07 AM - Removed Print to Fax
RP760: 1/31/2010 8:25:27 AM - Removed HP Photo and Imaging 2.2 - Scanjet 3970 Series
RP761: 1/31/2010 9:31:56 AM - Removed HP Photo and Imaging 2.0 - Scanners
RP762: 1/31/2010 9:39:16 AM - Removed HP Memories Disc
RP763: 1/31/2010 11:57:00 AM - Removed iS3 STOPzilla Toolbar
RP764: 1/31/2010 12:17:30 PM - Installed Print to Fax
RP765: 1/31/2010 12:18:17 PM - Printer Driver CAPTURE FAX Installed
RP766: 1/31/2010 1:57:58 PM - Installed Dell Printer Software
RP767: 1/31/2010 2:14:04 PM - Installed Dell Printer Software
RP768: 2/1/2010 7:36:04 AM - Removed iFinger
RP769: 2/1/2010 7:50:45 AM - Installed iFinger
RP770: 2/2/2010 2:02:59 PM - System Checkpoint
RP771: 2/3/2010 2:30:04 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Illustrator 10
Adobe Illustrator 8.0
Adobe Photoshop 7.0
Adobe Reader 9.1.3
Adobe SVG Viewer 3.0
APC PowerChute Personal Edition
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuctionSage
avast! Antivirus
Chinese Traditional Fonts Support For Adobe Reader 8
CoffeeCup Direct FTP
CoffeeCup Direct FTP 6.5.4
CoffeeCup Free FTP
Compatibility Pack for the 2007 Office system
Craft ROBO Controller
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 964
Dell Printer Software
EPSON Print CD
EPSON Printer Software
EPSON R280 User's Guide
EVGA Display Driver
Graphtec Cutting Master ROBO Ver.1.00 - Illustrator 8
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iFinger
Intel Audio Studio 2.0
Intel® Management Engine Interface
Intel® PRO Network Connections 11.2.0.69
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Klic-N-Kut Studio Element (C:\Klic-N-Kut Studio Element)
Macromedia Dreamweaver 4
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Speech SDK 5.1
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
MoonWidget
Move Media Player
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.12)
MP3 Player Utilities 3.81
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Opcion Font Viewer
OpenOffice.org 3.0
PermissionTV Download Manager
PermissionTV Santa Rosa County Library System Player 3.15
Print to Fax
QuickTime
Real Alternative 1.9.0
ROBO Master
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
ShareIns
SigmaTel Audio
Spelling Dictionaries Support For Adobe Reader 8
SUPERAntiSpyware Professional
System Requirements Lab
TBS WMP Plug-in
TuneUp Utilities 2008
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WeatherBug
WebFldrs XP
Windows Backup Utility
Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinTopo
WinZip Self-Extractor
Works Upgrade

==== Event Viewer Messages From Past Week ========

2/2/2010 12:46:11 PM, error: DCOM [10000] - Unable to start a DCOM Server: {3FD07B5F-B17A-4243-949B-94C5A9D2E465}. The error: "%2" Happened while starting this command: C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe /Automation -Embedding
2/2/2010 10:15:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm SASDIFSV SASKUTIL
2/1/2010 10:59:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2/1/2010 10:59:55 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 10:59:55 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 10:59:55 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 10:59:55 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 10:59:55 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 10:59:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/1/2010 10:59:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2010 2:24:59 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
1/31/2010 12:48:13 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.
1/31/2010 12:14:37 PM, error: Print [22] - Failed to ugrade printer settings for printer \\CARYLSDELL\Dell Photo AIO Printer 964,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcjUI5C.DLL error 87.
1/31/2010 11:57:23 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/31/2010 1:52:20 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
1/31/2010 1:52:07 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
==== End Of File ===========================


Edited by Maurice Naggar, 04 February 2010 - 12:52 PM.
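The Event Viewer lines above carry the explanation for the symptoms in this thread: Service Control Manager event 7026 shows the Avast and SUPERAntiSpyware kernel drivers (Aavmker4, aswSP, aswTdi, SASDIFSV, SASKUTIL) failing to load, and in one event the whole TCP/IP stack (AFD, Tcpip, NetBT, IPSec ...) along with them, which is why dependent services like DNS Client and DHCP Client could not start. The caveat a responder needs is that a 7026 event listing the entire network stack is also exactly what a boot into Safe Mode produces, and the DCOM 10005 error "%1084" (Win32 ERROR_NOT_SAFE_MODE_DRIVER, "This service cannot be started in Safe Mode") logged ten seconds earlier corroborates that for the 2/1 boot. Only a boot on which the security drivers fail while networking loads normally is a real tampering lead. The following is an added example, not code from the thread or from any tool used in it: it parses constructed log lines modelled on the ones posted, correlates 7026 events with nearby %1084 DCOM events, and sorts each event into a verdict. The driver-to-product mapping and the five-minute correlation window are assumptions.

```python
"""Triage Windows XP System-log lines (SCM 7026 / DCOM 10005) for signs that
security drivers were knocked out, while discounting Safe Mode boots.

Added example; not part of the original thread. Sample lines are constructed
to mirror the posted log. SECURITY_DRIVERS and SAFE_MODE_WINDOW are assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the posted 'Event Viewer Messages'.
SAMPLE_LOG = """\
2/2/2010 10:15:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm SASDIFSV SASKUTIL
2/1/2010 10:59:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2/1/2010 10:59:55 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 10:59:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
"""

# Assumed mapping of kernel driver / service names to the product they belong to
# (the usual names for Avast and SUPERAntiSpyware of that era; verify on your build).
SECURITY_DRIVERS = {
    "aavmker4": "Avast", "aswsp": "Avast", "aswtdi": "Avast",
    "sasdifsv": "SUPERAntiSpyware", "saskutil": "SUPERAntiSpyware",
}
# Core Windows networking drivers; none of these load in Safe Mode (no networking).
NETWORK_DRIVERS = {"afd", "tcpip", "netbt", "netbios", "ipsec", "rasacd", "mrxsmb", "rdbss"}

TS_FMT = "%m/%d/%Y %I:%M:%S %p"
RE_7026 = re.compile(
    r"^(?P<ts>[^,]+), error: Service Control Manager \[7026\] - .*?failed to load: (?P<drivers>.+)$")
# Win32 error 1084 = ERROR_NOT_SAFE_MODE_DRIVER: "This service cannot be started in Safe Mode".
RE_1084 = re.compile(r'^(?P<ts>[^,]+), error: DCOM \[10005\] - DCOM got error "%1084"')
SAFE_MODE_WINDOW = timedelta(minutes=5)  # assumption: same boot if within five minutes


def parse_events(text):
    """Return ([(timestamp, [driver names]) per 7026 event], [timestamps of %1084 DCOM events])."""
    failed, safe_mode_marks = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RE_7026.match(line)
        if m:
            failed.append((datetime.strptime(m.group("ts").strip(), TS_FMT),
                           m.group("drivers").split()))
            continue
        m = RE_1084.match(line)
        if m:
            safe_mode_marks.append(datetime.strptime(m.group("ts").strip(), TS_FMT))
    return failed, safe_mode_marks


def classify(ts, drivers, safe_mode_marks):
    """Sort one 7026 event into a verdict; driver order is kept as logged."""
    sec = [d for d in drivers if d.lower() in SECURITY_DRIVERS]
    net = [d for d in drivers if d.lower() in NETWORK_DRIVERS]
    safe_mode = any(abs(ts - mark) <= SAFE_MODE_WINDOW for mark in safe_mode_marks)
    if sec and not net:
        verdict = "TAMPERING_SUSPECTED"    # AV drivers gone on a boot where networking loaded
    elif net and safe_mode:
        verdict = "SAFE_MODE_BOOT"         # whole stack absent and %1084 nearby: expected
    elif net:
        verdict = "NETWORK_STACK_FAILED"   # no Safe Mode corroboration: check drivers/Winsock
    else:
        verdict = "NO_FINDING"
    return {"timestamp": ts, "security_failed": sec, "network_failed": net, "verdict": verdict}


def triage(text):
    """Run the classification over every 7026 event in the log text."""
    failed, marks = parse_events(text)
    return [classify(ts, drivers, marks) for ts, drivers in failed]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["timestamp"], f["verdict"],
              "security:", f["security_failed"], "network:", f["network_failed"])
```

On the constructed sample the 2/1 event is marked SAFE_MODE_BOOT and carries no weight, while the 2/2 event, where Aavmker4, aswSP, SASDIFSV and SASKUTIL failed but the network stack loaded, is the one worth chasing: check that those driver files still exist under System32\drivers and that their service entries under HKLM\SYSTEM\CurrentControlSet\Services have not been altered.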


#5 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:10:28 AM

Posted 04 February 2010 - 01:08 PM

You will want to print out or copy these instructions to Notepad for offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not ckirk and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Only temporarily disable the antivirus program Avast.
Also, turn off and exit SUPERAntiSpyware, to prevent conflicts.

I'd like to have you do an online scan at ESET

Step 4
Using Internet Explorer browser only, go to ESET Online Scanner website:
Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://www.eset.com/onlinescan/cac4.php?page=faq
    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
Step 5
Re-enable your Avast AV

Reply with copy of ESET scan log

P.S. Do NOT use the Attach feature when putting your logs & reports.
Always do a Copy and Paste and put report inside the body of reply box.



~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#6 ckirk (Topic Starter)

Posted 04 February 2010 - 01:41 PM

I am trying to follow all instructions carefully...ERUNT does not have the option to NOT INSTALL TO START UP FOLDER. [SEE PICS] When I back out the name in the 'browse slot' it won't go forward. And, if you browse, only the program folder is available along with all the programs. Continue with these default settings and allow folder in start up??

http://www.captkirkstamps.com/erunt_1.jpg
http://www.captkirkstamps.com/erunt_2.jpg

Edited by ckirk, 04 February 2010 - 01:42 PM.


#7 Maurice Naggar

Posted 04 February 2010 - 02:25 PM

Go with whatever ERUNT has for the default. Please proceed forward.
Do as much as you can.

#8 ckirk (Topic Starter)

Posted 04 February 2010 - 03:40 PM

IE doesn't get access to the net. These are the results from taking down the firewall. [YIKES...I THOUGHT IT SAID TAKE IT DOWN...but I did this after IE said it was the problem...putting it back up.]

http://www.captkirkstamps.com/dx_IE_2.4.jpg SAME WITH FIREWALL UP.

Edited by ckirk, 04 February 2010 - 03:51 PM.


#9 ckirk (Topic Starter)

Posted 04 February 2010 - 03:42 PM

Just checked and CAN access with Firefox. [This was the program I was using when I started having the problem.] Made sure that IE wasn't offline.

Edited by ckirk, 04 February 2010 - 03:45 PM.


#10 Maurice Naggar

Posted 04 February 2010 - 04:38 PM

Keep the firewall on. Did you manage to start the ESET scan?

#11 ckirk (Topic Starter)

Posted 04 February 2010 - 07:38 PM

No, not yet. I've been waiting to find out if you want me to use Firefox. IE is unable to make a connection through those ports.

#12 Maurice Naggar

Posted 04 February 2010 - 09:03 PM

Do this now:
Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

After Sysclean is done, do this:
Download This tool and save it directly to your desktop - not a folder on the desktop - the commands are tailored for the desktop location.

Click Start>Run and
Copy then Paste the following bolded text (the whole line verbatim) into the Run box and click OK:

"%userprofile%\desktop\Inherit.exe" "c:\Program Files\Internet Explorer\iexplore.exe"

Now, then, try using Internet Explorer to do the online scan at ESET.
When done, copy and paste the Eset scan log.

IF there is still an issue with I.E. browser, I need full details.

Edited by Maurice Naggar, 04 February 2010 - 09:08 PM.


#13 ckirk (Topic Starter)

Posted 05 February 2010 - 08:28 AM

Even though I haven't run ERUNT?? ...I'm going to take that as a yes and go forward!!

Edited by ckirk, 05 February 2010 - 09:24 AM.


#14 Maurice Naggar

Posted 05 February 2010 - 11:51 AM

Yes --- go forward.

#15 ckirk (Topic Starter)

Posted 05 February 2010 - 01:25 PM

Okay...sysclean is giving me a prob ... see below

http://www.captkirkstamps.com/TMCOMM.SYS.MISSING.jpg

I've done some looking on Trend Micro's site and here's what I found...Greek to me...don't know if it applies...looks kinda old


http://threatinfo.trendmicro.com/vinfo/vir...YS&VSect=Sn

Edited by ckirk, 05 February 2010 - 01:27 PM.
