
help with malware


  • This topic is locked
2 replies to this topic

#1 ajm133

ajm133

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 07 April 2010 - 06:33 AM

i originally posted this in the wrong forum. sorry about that.

hi,

i have some sort of malware issue----i get redirected to random webpages when using the internet.

mbam doesn't get rid of it----it seems to be connected with a registry entry that hijackthis finds (4th entry in the log below '017'), but when i delete that entry it eventually comes back.

anyway, i'd really like some help on this. here's my hijackthis log. thanks in advance.



Scan saved at 12:17:19, on 07/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CBE4B52-4E7F-49E4-BEE3-B06419111A0A}: NameServer = 129.67.1.180,163.1.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 3179 bytes

here are the DDS reports

please, i really need help with this one,


DDS (Ver_10-03-17.01) - NTFSx86
Run by AJM at 21:45:03.28 on 07/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.619 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AJM\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {6CBE4B52-4E7F-49E4-BEE3-B06419111A0A} = 129.67.1.180,163.1.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli fusstub

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2002-3-11 9216]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-1-29 8576]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-10-18 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-10-16 37040]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-10-18 226304]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S1 cmd32.sys;cmd32.sys;\??\c:\windows\system32\cmd32.sys --> c:\windows\system32\cmd32.sys [?]
S4 gupdate1c9862f1fc5b8aa;Google Update Service (gupdate1c9862f1fc5b8aa);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2010-04-07 19:18:18 98816 ----a-w- c:\windows\sed.exe
2010-04-07 19:18:18 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 19:18:18 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 19:18:18 161792 ----a-w- c:\windows\SWREG.exe
2010-04-07 11:07:25 0 d-----w- c:\program files\TrendMicro
2010-04-06 23:09:41 0 d-----w- c:\docume~1\ajm\applic~1\Trusteer
2010-04-06 22:54:42 0 d-----w- c:\program files\PartyGaming
2010-04-06 22:06:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
2010-04-06 21:57:34 0 d-----w- c:\docume~1\ajm\applic~1\UB
2010-04-06 18:58:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-06 18:54:53 0 d-----w- c:\program files\Lavasoft
2010-04-06 17:17:47 120 ----a-w- c:\windows\Ofosasutiyayiyo.dat
2010-04-06 17:17:47 0 ----a-w- c:\windows\Fvafi.bin
2010-04-05 23:03:46 71680 ----a-w- c:\windows\system32\klgd.bmp
2010-04-05 23:03:46 23162 ----a-w- c:\windows\system32\enb
2010-04-01 20:20:45 0 d-----w- c:\docume~1\alluse~1\applic~1\NJStar
2010-04-01 20:17:40 397 ----a-w- c:\windows\NJCOM.INI
2010-04-01 20:17:37 0 d-----w- c:\docume~1\ajm\applic~1\NJStar
2010-04-01 20:17:32 0 d-----w- c:\program files\NJStar Communicator
2010-03-23 17:38:34 0 d-----w- c:\docume~1\ajm\applic~1\BitTorrent
2010-03-23 17:38:29 0 d-----w- c:\program files\BitTorrent
2010-03-20 16:58:34 0 d-----w- c:\docume~1\ajm\applic~1\JustVoip

==================== Find3M ====================

2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-07 14:21:20 12445 ----a-w- c:\program files\common files\kuket.exe
2009-10-07 14:21:20 12182 ----a-w- c:\program files\common files\ycatoq.pif
2009-10-07 14:13:20 19627 ----a-w- c:\program files\common files\ugunyq.db
2009-10-07 14:12:27 17977 ----a-w- c:\program files\common files\uhohoviv._dl
2007-02-01 17:02:54 313344 ----a-w- c:\program files\hjsplit.exe
2008-04-12 15:31:09 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-30 18:54:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122120091228\index.dat
2009-12-30 18:54:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009123020091231\index.dat

============= FINISH: 21:46:18.45 ===============









UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/12/2009 19:28:22
System Uptime: 04/07/2010 21:41:34 (-2112 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel® CPU T2500 @ 2.00GHz | N/A | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 41.842 GiB free.
D: is CDROM ()
F: is Removable
V: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH0004&00070000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH0004&00070000
Service: tosrfnds

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394NIC1394224A9738004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394NIC1394224A9738004603
Service: NIC1394

==== System Restore Points ===================

RP22: 07/01/2010 18:37:40 - System Checkpoint
RP23: 09/01/2010 20:13:03 - System Checkpoint
RP24: 11/01/2010 14:21:35 - System Checkpoint
RP25: 12/01/2010 14:51:32 - System Checkpoint
RP26: 13/01/2010 16:24:31 - System Checkpoint
RP27: 14/01/2010 20:59:07 - System Checkpoint
RP28: 16/01/2010 00:41:10 - System Checkpoint
RP29: 18/01/2010 13:10:34 - System Checkpoint
RP30: 19/01/2010 14:00:22 - System Checkpoint
RP31: 20/01/2010 15:52:20 - System Checkpoint
RP32: 21/01/2010 15:59:46 - System Checkpoint
RP33: 22/01/2010 20:21:51 - System Checkpoint
RP34: 24/01/2010 14:16:43 - System Checkpoint
RP35: 25/01/2010 22:05:55 - System Checkpoint
RP36: 26/01/2010 23:40:59 - System Checkpoint
RP37: 28/01/2010 09:39:41 - System Checkpoint
RP38: 29/01/2010 14:46:16 - System Checkpoint
RP39: 01/02/2010 17:54:01 - System Checkpoint
RP40: 02/02/2010 17:23:32 - Installed DirectX
RP41: 02/02/2010 17:24:36 - Installed DirectX
RP42: 03/02/2010 17:59:04 - System Checkpoint
RP43: 04/02/2010 19:32:18 - System Checkpoint
RP44: 05/02/2010 20:39:47 - System Checkpoint
RP45: 07/02/2010 12:55:17 - System Checkpoint
RP46: 08/02/2010 14:17:35 - System Checkpoint
RP47: 09/02/2010 21:29:00 - System Checkpoint
RP48: 10/02/2010 22:01:56 - System Checkpoint
RP49: 12/02/2010 11:24:09 - System Checkpoint
RP50: 14/02/2010 02:03:02 - System Checkpoint
RP51: 15/02/2010 16:01:17 - System Checkpoint
RP52: 17/02/2010 10:37:26 - System Checkpoint
RP53: 18/02/2010 14:40:33 - System Checkpoint
RP54: 19/02/2010 14:41:37 - System Checkpoint
RP55: 20/02/2010 15:21:28 - System Checkpoint
RP56: 21/02/2010 17:21:44 - System Checkpoint
RP57: 23/02/2010 12:32:27 - System Checkpoint
RP58: 23/02/2010 13:50:24 - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP59: 26/02/2010 17:50:55 - Installed Windows Internet Explorer 8.
RP60: 26/02/2010 18:18:54 - Removed Microsoft Games for Windows - LIVE Redistributable
RP61: 26/02/2010 18:20:43 - Removed Microsoft Games for Windows - LIVE
RP62: 26/02/2010 18:21:10 - Removed Microsoft Office Enterprise 2007
RP63: 28/02/2010 12:37:49 - System Checkpoint
RP64: 01/03/2010 17:54:27 - System Checkpoint
RP65: 02/03/2010 18:48:24 - System Checkpoint
RP66: 03/03/2010 20:09:35 - System Checkpoint
RP67: 04/03/2010 21:01:17 - System Checkpoint
RP68: 06/03/2010 10:16:53 - System Checkpoint
RP69: 07/03/2010 14:10:49 - System Checkpoint
RP70: 08/03/2010 17:29:47 - System Checkpoint
RP71: 09/03/2010 17:58:57 - System Checkpoint
RP72: 11/03/2010 13:15:12 - System Checkpoint
RP73: 13/03/2010 15:12:52 - System Checkpoint
RP74: 14/03/2010 15:50:53 - System Checkpoint
RP75: 15/03/2010 16:55:11 - System Checkpoint
RP76: 16/03/2010 17:09:05 - System Checkpoint
RP77: 17/03/2010 17:57:00 - System Checkpoint
RP78: 18/03/2010 19:02:15 - System Checkpoint
RP79: 19/03/2010 22:03:43 - System Checkpoint
RP80: 20/03/2010 20:25:56 - Installed The Official DSA Theory Test for Car Drivers
RP81: 22/03/2010 14:49:47 - System Checkpoint
RP82: 23/03/2010 22:59:01 - System Checkpoint
RP83: 25/03/2010 13:46:57 - System Checkpoint
RP84: 26/03/2010 14:42:10 - System Checkpoint
RP85: 27/03/2010 18:01:06 - System Checkpoint
RP86: 28/03/2010 22:03:46 - System Checkpoint
RP87: 30/03/2010 18:29:02 - System Checkpoint
RP88: 31/03/2010 18:42:48 - Configured The Official DSA Theory Test for Car Drivers
RP89: 01/04/2010 21:48:47 - System Checkpoint
RP90: 03/04/2010 12:54:34 - System Checkpoint
RP91: 04/04/2010 16:10:46 - System Checkpoint
RP92: 06/04/2010 16:09:42 - System Checkpoint
RP93: 07/04/2010 00:09:24 - Installed Rapport
RP94: 07/04/2010 11:46:53 - Removed Rapport
RP95: 07/04/2010 12:07:24 - Installed HiJackThis

==== Installed Programs ======================

AC3Filter (remove only)
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AutoUpdate
BitTorrent
BlueSquare Poker
Bluetooth Stack for Windows by Toshiba
Cisco Systems VPN Client 5.0.04.0300
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Plus Web Player
Foxit PDF Editor
Free Download Manager 2.1
GGPO
Google Earth
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HiJackThis
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel® PROSet/Wireless Software
iTunes
JabRef
JabRef 2.3.1
Java™ 6 Update 14
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mEoU
mHelp
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MiKTeX 2.6
Mirar
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
NJStar Communicator
NVIDIA Drivers
NVIDIA PureVideo Decoder
OGA Notifier 2.0.0048.0
Protector Suite QL 5.3
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Setting Utility Series
SigmaTel Audio
Skype™ 4.1
SmartWi Connection Utility
Sony Ericsson Wireless Modem
Sony Utilities DLL
System Requirements Lab
TeXnicCenter Version 1 Beta 7.01 (Greengrass)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Camera Utility
VAIO Event Service
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Communication Foundation
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

04/04/2010 08:33:24, error: Service Control Manager [7000] - The vsdatant service failed to start due to the following error: The system cannot find the file specified.
03/04/2010 13:20:00, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
03/04/2010 13:20:00, error: sptd [4] - Driver detected an internal error in its data structures for .
03/04/2010 13:19:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: shpf
03/04/2010 13:19:57, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
03/04/2010 13:19:57, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.
03/04/2010 10:59:39, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/04/2010 10:56:05, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
03/04/2010 10:53:59, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
03/04/2010 10:53:05, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec NetBT nvport RasAcd Tcpip Tosrfcom
03/04/2010 10:53:05, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2010 10:53:05, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2010 10:53:05, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2010 10:53:05, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2010 10:51:46, error: SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

==== End Of File ===========================

Merged 2 posts ~BP

Edited by Budapest, 07 April 2010 - 04:42 PM.




#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:06:15 AM

Posted 10 April 2010 - 07:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:15 AM

Posted 22 April 2010 - 09:19 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



