Trojan Infection


This topic is locked. 48 replies to this topic.

#1 thatguyneedshelp

  • Members
  • 28 posts

Posted 22 March 2010 - 08:11 AM

I am running Windows XP SP3. I recently installed SP3 last week. Since then I have been running scans with:

MalwareBytes
AVG
Spysweeper
A-Squared Free

A-squared will pick up trojan infections and clean them as long as I have the modem disconnected from the PC. As soon as I connect again, no matter how long, 30 sec. or 20 minutes, I will rescan and the trojan has been recovered.

Also, IE is redirecting when I attempt to log into my hotmail account. Since I had the infection detected I have not turned the modem on at my home PC for some time now.

If someone could please tell me what logs to run and post I would appreciate it. Also let me know if there is any other info you need to help diagnose.

Thanks!



#2 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender: Male
  • Location: Midwest U.S.A.

Posted 22 March 2010 - 08:46 AM

Greetings thatguyneedshelp and Welcome to the Forums,

Please thoroughly read this "Sticky Note" posted at the top of this forum, and do all that is instructed there. Post back the requested logs and I will review them for you. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 thatguyneedshelp (Topic Starter)

  • Members
  • 28 posts

Posted 22 March 2010 - 11:30 AM

Thank you. I will run these tonight at home and post the logs tomorrow morning.

#4 thatguyneedshelp (Topic Starter)

  • Members
  • 28 posts

Posted 23 March 2010 - 08:36 AM

Here are the DDS logs from last night:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Josh at 19:41:08.79 on Mon 03/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.422 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar =
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "ARPWRMSG.EXE"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\josh\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: trymedia.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194548659140
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {F46E0467-3A99-420E-B5B1-949BF971CE34} = 156.154.70.22,156.154.71.22
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\napuruya.dll gamibuyo.dll ?r??  c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nojigijud - {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\windows\system32\napuruya.dll
STS: jugezatag: {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\windows\system32\napuruya.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-24 28424]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-24 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-24 25160]
R1 NEOFLTR_550_12029;Juniper Networks TDI Filter Driver (NEOFLTR_550_12029);c:\windows\system32\drivers\NEOFLTR_550_12029.sys [2007-8-23 63008]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-1 1858144]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-24 285392]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-2-24 723632]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-16 236368]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-31 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-6-19 1201640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-16 19160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-11-8 30192]

=============== Created Last 30 ================

2010-03-02 02:46:42 0 d-----w- c:\program files\a-squared Free
2010-02-28 00:55:54 0 d-----w- c:\windows\system32\QuickTime
2010-02-28 00:54:53 0 d-----w- c:\program files\3ivx
2010-02-27 23:53:41 130 ----a-w- c:\windows\cfplogvw.INI
2010-02-26 22:54:36 0 d-----w- c:\windows\system32\en
2010-02-26 22:54:36 0 d-----w- c:\windows\system32\bits
2010-02-25 04:03:23 0 d-----w- c:\docume~1\josh\applic~1\AVG9
2010-02-25 01:04:02 0 d--h--w- C:\$AVG
2010-02-25 01:03:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-25 01:03:43 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 01:03:35 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-25 01:03:01 0 d-----w- c:\program files\AVG
2010-02-25 01:03:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-24 23:10:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2010-02-24 23:10:46 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-24 23:10:46 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-24 23:10:46 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-24 23:10:39 0 d-----w- c:\program files\COMODO
2010-02-22 02:00:24 0 d-sh--w- c:\documents and settings\josh\IECompatCache

==================== Find3M ====================

2010-02-01 02:55:07 31092 ----a-w- c:\windows\system32\2009sfs_mtdse_localmon.dll
2010-02-01 02:55:07 22416 ----a-w- c:\windows\system32\2009sfs_mtdse_localui.dll
2010-01-15 21:47:16 595499 ----a-w- C:\Autoruns.zip
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

============= FINISH: 19:41:55.48 ===============



After DDS I tried to run the GMER program. 2 minutes into the scan the pc restarted itself and produced this system error message:

Error Signature
BCCode: c2 BCP1: 00000007 BCP2: 00000CD4 BCP3: 00A30000
BCP4: 84D24008 OSVer: 5_1_2600 SP: 3_0 Product: 256_1


I attempted to run GMER a second time. It completed the scan, however the PC froze when I attempted to click on the Save button to save the log. GMER is running again while I am at work, hopefully I can get the log later today.

For now, this is all I have.






#5 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender: Male
  • Location: Midwest U.S.A.

Posted 23 March 2010 - 09:46 AM

Before we continue, let's address an issue that can cause you serious problems and of course, would also interfere with our troubleshooting endeavor.

Your log shows us that you have a potential disaster brewing while having all three of these installed:
AVG Antivirus Free
Comodo Firewall
Norton Internet Security


I have not yet thoroughly reviewed your log but spotted this instantly when I first glanced. First I should advise you that having more than one antivirus or firewall product installed and running will cause a catastrophic conflict should these programs all want to claim access rights to some offending file.

The wrestling match will result in a tug-of-war "instability" issue that may end up causing a blue screen and loss of data.

The AVG antivirus by itself would be fine as long as you have the native Windows firewall enabled. Should you prefer a third party firewall then you need to disable the Windows native firewall while you have the third party firewall running. Just a note...not all vendors have as excellent programmers on board as say...the combofix author sUBs.

The mediocre programmers, while doing a fairly good job of it writing the program itself, lack the talent or patience required to include in the installer file, a command to disable the Windows native firewall.

As a result, many folks end up with a third party firewall running alongside the Windows native firewall. This also creates instability issues.

Please decide which product you want to keep and uninstall the others. When you finish, please run DDS again and post both that log as well as the "Attach.txt". Thanks!



#6 thatguyneedshelp (Topic Starter)

  • Members
  • 28 posts

Posted 23 March 2010 - 11:13 AM

Thanks for the info. I uninstalled Norton Security around a month ago when I experienced some issues with the program not being able to clean an infection. I have heard that Norton is sometimes hard to remove completely... Any advice on removing Norton completely? It no longer appears on my Add/Remove programs list...

I will uninstall Comodo tonight and just run with AVG and Windows Firewall. Will post logs and attempt to run GMER again after Uninstall.

#7 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender: Male
  • Location: Midwest U.S.A.

Posted 23 March 2010 - 06:02 PM

" I uninstalled Norton Security around a month ago when i experienced some issues with the program not being able to clean an infection."

The header from your log:

    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

...shows it is not only still installed, it is enabled. You can remove a failed Symantec installation/uninstallation or damaged product using their Removal Tool.



#8 thatguyneedshelp (Topic Starter)

  • Members
  • 28 posts

Posted 24 March 2010 - 05:35 PM

Last night I uninstalled Comodo firewall, choosing to keep AVG Free and run with Windows Firewall. After the uninstall was complete I restarted. Now Windows will let me choose the profile to log in with, but as soon as the desktop and taskbar are loaded the PC freezes up. I have manually powered down the tower 3 times and restarted the system to have the same thing happen each time.

Unless otherwise directed, I am going to use System Restore, then try removing Norton using the tool you provided above. If all that goes well, I will try to uninstall Comodo a second time and run DDS after. Logs to follow tomorrow.

#9 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender: Male
  • Location: Midwest U.S.A.

Posted 24 March 2010 - 07:44 PM

You can do this instruction below from your normal windows user mode by the way, but since you are having trouble booting up, try booting into safe mode to perform these steps:

1) Open the "Start" menu and choose "Run..."
2) Type cmd in the run box and click "OK".
3) At the cmd prompt, type or copy and paste:

       set devmgr_show_nonpresent_devices=1

   ...and press Enter. (Note that nothing seems to happen; this is expected. We are actually setting an environment variable which is going to help us to see hidden devices.)
4) On the next cmd prompt line, type in:

       devmgmt.msc

   ...and press Enter. This will launch the Windows Device Manager Console.
5) In the Device Manager Console, from the "View" menu, select "Show Hidden Devices".

Now...you may see there some device drivers that appear to be grayed out. If you were to just select "Show hidden devices" from the View menu without having gone through those commands above, you would not see those. Look for any device driver there that has "comodo" as part of its name. Right click on it and select "Uninstall".

Do this for all device drivers listed for comodo, or for that matter, for any device or software that you KNOW WITH CERTAINTY are fine for you to remove. Be careful to make certain you know that what you remove are definitely old drivers for software/hardware that you no longer use.

When finished, reboot...in fact, before you finish you may be asked to reboot so do it when prompted, but return to this instruction and repeat the above steps to re-set the environment variable so you will be able once more to see the hidden drivers. Continue in this way until you have removed all of the "Comodo" drivers.

When you finish, you should be able to boot up just fine without windows having any arguments with old drivers causing hang issues. Post back the previously requested logs when you finish. Thanks!

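An added example, not from 1972vet's post or from any tool mentioned in the thread: a PowerShell script that does what steps 3 and 4 above do by hand and then lists the non-present devices whose name, service or instance ID contains a given vendor string, so the leftover entries can be reviewed before anything is uninstalled. It assumes a Windows version that ships Get-PnpDevice (Windows 8 / PowerShell 4 or later, which the XP machine in this thread does not have) and an elevated session; the "comodo" default, the -NamePattern parameter and the script file name in the usage note are assumptions taken from the post, not anything Windows defines.

```powershell
# Added example (not from the thread): inventory non-present ("hidden") devices
# before removing vendor leftovers in Device Manager.
# Assumes Get-PnpDevice is available (Windows 8 / PowerShell 4 or later) and an
# elevated session; the XP box in this thread would follow the manual steps instead.
param(
    # Vendor or driver name fragment to look for; "comodo" follows the post above.
    [string]$NamePattern = 'comodo'
)

# Same variable the post sets in cmd.exe: a Device Manager started from this
# session will then list non-present devices under View > Show hidden devices.
$env:DEVMGR_SHOW_NONPRESENT_DEVICES = '1'

# Non-present devices are registered in the device tree but currently have no
# running hardware or filter behind them; orphaned third-party filter drivers
# (a firewall's network filter, for instance) show up in this state.
$stale = Get-PnpDevice |
    Where-Object {
        -not $_.Present -and
        ($_.FriendlyName -match $NamePattern -or
         $_.Service      -match $NamePattern -or
         $_.InstanceId   -match $NamePattern)
    }

if (-not $stale) {
    Write-Host "No non-present devices matching '$NamePattern' were found."
} else {
    # Review this table first; removal itself is still done through Device
    # Manager (right-click > Uninstall) exactly as the post describes.
    $stale |
        Select-Object InstanceId, FriendlyName, Class, Service, Status |
        Sort-Object Class, FriendlyName |
        Format-Table -AutoSize
}

# Open Device Manager from this session so the variable set above applies to it.
Start-Process -FilePath 'mmc.exe' -ArgumentList 'devmgmt.msc'
```

Save it under any name you like (for instance Find-StaleDevices.ps1, an assumed name) and run it from an elevated PowerShell as `.\Find-StaleDevices.ps1 -NamePattern comodo`. The script only reports; nothing is deleted, and the entries it prints are the same grayed-out ones the post has you look for by eye.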


#10 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender: Male
  • Location: Midwest U.S.A.

Posted 24 March 2010 - 07:50 PM

You might also want to try uninstalling the Symantec failed installation while in safe mode as well. To do this, we need to edit the registry. Before we do however, first back up the Registry following the instructions in that link.

Download the removal tool from the previous instruction...

Next, copy and paste the following into a blank Notepad. Save it to your Desktop and save it as uisafemode.bat :

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
    @="Service"


Double-click the bat file and allow it to merge with the Registry. Next, you can delete the .bat file on the desktop. While in safe mode you should now have access to the Windows installer to perform both installs or uninstalls while in safe mode.

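An added example, not from 1972vet's post: the same SafeBoot\MSIServer keys created from PowerShell rather than by merging a .reg file, with the SafeBoot branch exported first as the backup the post asks for. It goes slightly beyond the post: instead of naming ControlSet001 and ControlSet002 it walks every ControlSetNNN key present under HKLM\SYSTEM, and it reads each key back afterwards to confirm that the default value is "Service", which is what the @="Service" lines in the .reg text set. The backup path and an elevated session are assumptions.

```powershell
# Added example (not from the thread): make the Windows Installer service start
# in Safe Mode (Minimal and Network) by creating the SafeBoot\...\MSIServer keys.
# Same change as the .reg text in the post, applied through the registry provider.
# Assumes an elevated session; the backup path is an assumption, pick your own.
$backup = Join-Path $env:USERPROFILE 'Desktop\SafeBoot-backup.reg'

# Back up the SafeBoot branch of the live control set before touching anything.
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot' $backup /y | Out-Null
Write-Host "SafeBoot branch exported to $backup"

# The post lists ControlSet001 and ControlSet002 explicitly; this walks every
# ControlSetNNN under HKLM\SYSTEM (CurrentControlSet is a link to one of them).
$controlSets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName }

foreach ($cs in $controlSets) {
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\$cs\Control\SafeBoot\$mode\MSIServer"
        # Create the key only if it is missing so an existing one is left untouched.
        if (-not (Test-Path $key)) {
            New-Item -Path $key | Out-Null
        }
        # '(default)' is the registry provider's name for the @ value of a .reg file;
        # SafeBoot starts a service whose key carries the default value "Service".
        Set-ItemProperty -Path $key -Name '(default)' -Value 'Service'
    }
}

# Read everything back: each line should end in "= Service".
foreach ($cs in $controlSets) {
    foreach ($mode in 'Minimal', 'Network') {
        $key   = "HKLM:\SYSTEM\$cs\Control\SafeBoot\$mode\MSIServer"
        $value = (Get-ItemProperty -Path $key).'(default)'
        '{0}\Control\SafeBoot\{1}\MSIServer = {2}' -f $cs, $mode, $value
    }
}
```

Run it from an elevated PowerShell before rebooting into Safe Mode; the readback loop at the end is the check that the keys took, and the exported .reg on the Desktop can be merged back with regedit if the SafeBoot branch ever needs to be restored.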


#11 thatguyneedshelp (Topic Starter)

  • Members
  • 28 posts

Posted 25 March 2010 - 01:26 PM

Ok, followed your instructions to remove Comodo drivers. This seemed to help with the Windows loading problem. Also, booted into safe mode following your directions and used the Norton Removal Tool. Everything went well with that also.

I ran DDS and saved the logs. But realized you might need to have a record of the trojan recovering itself. So I switched on the modem.

My next step was to update AVG, Spysweeper, MalwareBytes, and A-Squared Free. After the update I ran scans through the night. After I confirmed A-Squared is still reporting the trojan infection I ran DDS a second time. Here is the log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by #### at 10:14:52.10 on Thu 03/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.430 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Documents and Settings\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar =
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "ARPWRMSG.EXE"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\josh\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: trymedia.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194548659140
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\napuruya.dll gamibuyo.dll ?r??  c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nojigijud - {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\windows\system32\napuruya.dll
STS: jugezatag: {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\windows\system32\napuruya.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-24 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-24 29512]
R1 NEOFLTR_550_12029;Juniper Networks TDI Filter Driver (NEOFLTR_550_12029);c:\windows\system32\drivers\NEOFLTR_550_12029.sys [2007-8-23 63008]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-1 1858144]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-24 308064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-16 236368]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-6-19 1201640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-16 19160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-11-8 30192]

=============== Created Last 30 ================

2010-03-25 14:06:01 54016 ----a-w- c:\windows\system32\drivers\qexsys.sys
2010-03-25 03:19:25 0 d-----w- c:\program files\ACW
2010-03-02 02:46:42 0 d-----w- c:\program files\a-squared Free
2010-02-28 00:55:54 0 d-----w- c:\windows\system32\QuickTime
2010-02-28 00:54:53 0 d-----w- c:\program files\3ivx
2010-02-27 23:53:41 130 ----a-w- c:\windows\cfplogvw.INI
2010-02-26 22:54:36 0 d-----w- c:\windows\system32\en
2010-02-26 22:54:36 0 d-----w- c:\windows\system32\bits
2010-02-25 04:03:23 0 d-----w- c:\docume~1\josh\applic~1\AVG9
2010-02-25 01:04:02 0 d--h--w- C:\$AVG
2010-02-25 01:03:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll.old
2010-02-25 01:03:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-25 01:03:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 01:03:35 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-25 01:03:01 0 d-----w- c:\program files\AVG
2010-02-25 01:03:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-24 23:10:39 0 d-----w- c:\program files\COMODO

==================== Find3M ====================

2010-02-01 02:55:07 31092 ----a-w- c:\windows\system32\2009sfs_mtdse_localmon.dll
2010-02-01 02:55:07 22416 ----a-w- c:\windows\system32\2009sfs_mtdse_localui.dll
2010-01-15 21:47:16 595499 ----a-w- C:\Autoruns.zip
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

============= FINISH: 10:15:53.65 ===============


I still have the logs from the first run of DDS after the uninstall of Comodo and Norton. If you would like to look at these also just let me know.

Thanks!



Edited by thatguyneedshelp, 25 March 2010 - 01:53 PM.


#12 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:11:35 PM

Posted 25 March 2010 - 05:20 PM

You did an excellent job of it thatguyneedshelp, thanks!

I know you said you were having trouble running GMER previously, but since we removed the spurious Comodo drivers you might find the BSOD problem it caused earlier no longer exists. Try it again. If you still have issues getting it to run, try running it in safe mode. GMER is the only rk tool I know of that runs in safe mode. Please post that log too. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#13 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:11:35 PM

Posted 25 March 2010 - 05:51 PM

OK, having not yet completed a full review of the logs...and of course still waiting on the GMER log, there are a few other things you can do to help clear out some issues. The following software needs to go:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Macromedia Flash Player 8
Macromedia Shockwave Player
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar

...all of these are outdated and have been exploited, with the exception of the Viewpoint software, which is just plain and simply foistware.

The Adobe Reader, Flash/Macromedia/Shockwave player software, and the Flash Player ActiveX and plugin all have been exploited. I sense these are actually the possible culprits that may have been behind the start of these issues. Along with these, having the outdated and exploited versions of Java together creates a pretty volatile mixture.

Uninstall everything listed above and reboot when completed. Your only version of Java that should remain is the Update 17 that you already have installed. Even at that, it is also out of date...but fortunately not yet exploited. Nonetheless, you should update that as well, but it's not necessary to uninstall it first. You can update the software using the software. To do this:
Open Control Panel. Double click the Java icon (looks like a cup of coffee). Click the Update tab, then click the Update Now button at the bottom. Your update should start. Close the Java Control Panel when completed.

You can download the latest Adobe products for the flash player Here. Next, please click Here to download the latest reader...and you can click Here for the most up to date shockwave player.



#14 thatguyneedshelp

thatguyneedshelp
  • Topic Starter

  • Members
  • 28 posts
  • Local time:12:35 AM

Posted 27 March 2010 - 06:57 AM

Thanks for the list of potentially harmful programs! I uninstalled everything you recommended above. Only issue was one warning message while removing Flash Player 8.

Error 1905.Module
C:\Windows\system32\Macromed\Flash\Flash8.ocx
failed to unregister. HRESULT -2147220472
Contact your support personnell.

After reboot, GMER again froze and restarted the PC after about 2 minutes of scan.
I rebooted into safe mode and ran GMER again:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-26 16:50:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Josh\LOCALS~1\Temp\kwxyafob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs F6DC1400

---- EOF - GMER 1.0.15 ----


#15 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:11:35 PM

Posted 27 March 2010 - 11:06 AM

Good job thatguyneedshelp! From the looks of things now, your on-board Malwarebytes program should clean up the rest of your issues.

These entries in the log:
SSODL: nojigijud - {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\windows\system32\napuruya.dll
STS: jugezatag: {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\windows\system32\napuruya.dll

...belong to the fraudulent security program that you were stung with.

Run a manual update to mbam, then run a "quickscan". Post back THAT log. Thanks!

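As an added illustration (not part of this thread, of DDS, or of any tool named in it), a small triage script that reads DDS-style log lines and reports any DLL referenced by more than one autostart mechanism, which is the SSODL/STS pattern pointed out above, and lists the stale Java versions behind the DPF entries that post #13 says should be uninstalled. The sample lines are constructed in the DDS format seen earlier in the thread, and the regexes are my assumptions about that format.

```python
import re
from collections import defaultdict

# Constructed sample in the DDS log format used in this thread (a handful of
# lines in that format, not the full log).
SAMPLE_DDS = """\
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\\windows\\system32\\napuruya.dll gamibuyo.dll ?r?? c:\\progra~1\\google\\google~1\\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll
SSODL: nojigijud - {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\\windows\\system32\\napuruya.dll
STS: jugezatag: {53536984-6de2-440b-83e3-f3987a4a1ede} - c:\\windows\\system32\\napuruya.dll
"""

# Line types that load a DLL at logon/shell start (assumed DDS layout); the
# DLL paths are the path-like tokens ending in .dll on the rest of the line.
ENTRY_RE = re.compile(r"^(SSODL|STS|Notify|AppInit_DLLs):\s*(.*)$")
DLL_RE = re.compile(r"[\w~$:\\.\-]+\.dll", re.IGNORECASE)
# Java installer DPF entries carry the version in the cab file name.
JAVA_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")

def dll_references(dds_text):
    """Map each DLL basename (lower-cased) to the set of mechanisms loading it."""
    refs = defaultdict(set)
    for line in dds_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            mechanism, rest = m.groups()
            for dll in DLL_RE.findall(rest):
                refs[dll.rsplit("\\", 1)[-1].lower()].add(mechanism)
    return refs

def multi_mechanism_dlls(dds_text):
    """DLLs hooked by two or more autostart mechanisms: the SSODL/STS pattern
    noted in the thread, here also correlated with AppInit_DLLs."""
    return {dll: sorted(m) for dll, m in dll_references(dds_text).items() if len(m) > 1}

def stale_java_versions(dds_text):
    """All Java versions present in DPF entries except the newest one."""
    versions = {tuple(int(n) for n in m.groups()) for m in JAVA_RE.finditer(dds_text)}
    return sorted(versions)[:-1]

if __name__ == "__main__":
    print(multi_mechanism_dlls(SAMPLE_DDS))
    print(stale_java_versions(SAMPLE_DDS))
```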
