The Remnants of Antispyware Soft


  • This topic is locked
6 replies to this topic

#1 SomeoneWeird

SomeoneWeird

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:57 PM

Posted 27 May 2010 - 09:09 PM

Around 24 hours ago, Java popped up unexpectedly, without prompt; it seemed like it was loading something. Indeed it was, for shortly afterward, my computer was riddled with Antispyware Soft. I managed to get rid of it using Malwarebytes, after renaming the Malwarebytes exe file (MBAM.exe) to firefox.exe, since I noticed that Firefox was still working.

It seemed to get rid of everything, but when the computer restarted, I noticed a few strange things. (1) The "theme" of the login window had changed from a Windows XP theme to a Windows Classic one (not really important, but interesting to note). (2) I could not log onto the internet; the DNS was not being properly "registered." I eventually worked my way around this by manually setting my IP address and DNS server. (3) "Windows Media Player cannot play the file because there seems to be a problem with your sound device." I can get no sound from anything no matter what I try. (4) Google Chrome does not work. (5) Video card-related failure messages are becoming increasingly common.

I did a Google search and found that others had also reported losing sound, Chrome functionality, and internet after removing Antispyware Soft. I removed and reinstalled my sound drivers to no avail.

I ran another Malwarebytes scan, a full scan this time, along with an ESET online scan. ~30 items were deleted this time, but absolutely nothing changed (in fact, it seems to have gotten even worse).

For some reason, the browser freezes (both Internet Explorer and Firefox) when I try to attach anything, so here are all of my logs within the message. Sorry about that.

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Parent at 15:33:05.17 on Thu 05/27/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1307 [GMT -7:00]

AV: McAfee Managed VirusScan *On-access scanning enabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Parent\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.k12.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Aim6]
uRun: [Google Update] "c:\documents and settings\parent\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\agent\myAgtTry.Exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Ghixupeyeguw] rundll32.exe "c:\windows\ejuxubace.dll",Startup
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
StartupFolder: c:\docume~1\parent\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226182048281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {FDBBD524-06DE-4B8C-97C7-D45BAA2694C6} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\parent\applic~1\mozilla\firefox\profiles\666059a4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\documents and settings\parent\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {D7C77D13-A6F7-4E54-8880-FF1EB49EB093} - c:\documents and settings\parent\local settings\application data\{D7C77D13-A6F7-4E54-8880-FF1EB49EB093}

============= SERVICES / DRIVERS ===============

R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-14 27992]
R2 myAgtSvc;McAfee Managed Services Agent;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-8-11 86016]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-8 24652]
R3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [2007-11-21 181888]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2009-10-28 42880]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-7 27632]
S0 rmklq;rmklq;c:\windows\system32\drivers\rhban.sys --> c:\windows\system32\drivers\rhban.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2009-8-27 16512]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-28 25832]
S3 McShield;McShield;"c:\program files\mcafee\managed virusscan\vscan\mcshield.exe" --> c:\program files\mcafee\managed virusscan\vscan\McShield.exe [?]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2008-8-11 108672]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]

=============== Created Last 30 ================

2010-05-27 22:32:29 0 ----a-w- c:\documents and settings\parent\defogger_reenable
2010-05-27 22:21:20 538112 ----a-r- c:\windows\system32\stapo.dll
2010-05-27 22:21:20 391680 ----a-r- c:\windows\system32\stapi32.dll
2010-05-27 22:21:20 340992 ----a-r- c:\windows\system32\stcplx.dll
2010-05-27 19:03:32 0 d-----w- c:\program files\ESET
2010-05-27 18:57:55 0 d-----w- C:\Combo-Fix
2010-05-27 18:52:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 18:52:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 18:52:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 00:38:43 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-23 10:05:45 23 ----a-w- c:\windows\system32\sysmwwod.dll
2010-05-23 10:03:59 0 d-----w- c:\program files\MP3 WAV WMA Converter

==================== Find3M ====================

2010-05-27 22:23:05 950 ----a-w- c:\windows\system32\drivers\stwrte.log
2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll
2009-09-11 19:38:50 14743 ----a-w- c:\program files\common files\cucuz.sys
2009-09-11 19:36:46 19996 ----a-w- c:\program files\common files\izix.scr
2009-03-20 18:22:12 114 ----a-w- c:\program files\r2s.exe
2009-03-17 06:53:41 1 ----a-w- c:\program files\plugin.dat
2006-07-19 19:53:29 51340 ---ha-w- c:\program files\logs.dat

============= FINISH: 15:33:43.98 ===============

Thanks for the helpful edit, Orange Blossom. I sent the DDS.txt to another computer, and it looks like I'm able to post the rest from here.

Edited by SomeoneWeird, 27 May 2010 - 10:00 PM.
Pasted in a bit more log from one of the duplicates. ~ OB
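Added example, not part of the thread or of the DDS tool: a small triage script that reads lines in the format of the DDS report above and flags the kinds of entries a malware-removal helper looks at first. The sample input is constructed from seven lines copied out of the posted log; the rules (an autorun that loads a DLL through rundll32 straight from the Windows folder, an orphaned toolbar CLSID, EnableLUA forced to 0, an overridden Firefox keyword.URL, and a boot-start service whose file DDS could not stat) are heuristics chosen for this example, and the severity labels are this example's own, not a verdict on the entries themselves.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: seven lines in the format of the DDS "Pseudo HJT Report",
# FIREFOX and SERVICES / DRIVERS sections. They are parsed as text only; nothing
# here touches a live system.
SAMPLE_DDS = r"""
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ghixupeyeguw] rundll32.exe "c:\windows\ejuxubace.dll",Startup
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
mPolicies-system: EnableLUA = 0 (0x0)
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
S0 rmklq;rmklq;c:\windows\system32\drivers\rhban.sys --> c:\windows\system32\drivers\rhban.sys [?]
R2 myAgtSvc;McAfee Managed Services Agent;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-8-11 86016]
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info" (labels chosen for this example)
    rule: str
    line: str
    reason: str


# One regex per DDS line shape this example understands.
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
ORPHAN_RE = re.compile(r'^(?:TB|BHO): .* - No File$')
POLICY_RE = re.compile(r'^[um]Policies-system: (?P<key>\w+) = (?P<val>\d+)')
FF_KEYWORD_RE = re.compile(r'^FF - prefs\.js: keyword\.URL - (?P<url>\S+)')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')


def _windir_root(path: str) -> bool:
    """True when a DLL sits directly in <drive>:\\windows\\ rather than a subfolder.
    Heuristic: installed software keeps its DLLs elsewhere; droppers often write here."""
    p = path.lower().replace('/', '\\')
    return bool(re.match(r'^[a-z]:\\windows\\[^\\]+\.dll$', p))


def analyze(dds_text: str) -> list[Finding]:
    """Walk the log line by line and return findings in log order."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            d = RUNDLL_RE.search(m.group('cmd'))
            if d and _windir_root(d.group('dll')):
                findings.append(Finding('high', 'rundll32-windir-dll', line,
                    f"autorun '{m.group('name')}' loads {d.group('dll')} via rundll32 from the Windows root"))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding('info', 'orphaned-registration', line,
                'toolbar/BHO CLSID is registered but its file is gone (leftover from a removal)'))
            continue
        m = POLICY_RE.match(line)
        if m and m.group('key') == 'EnableLUA' and m.group('val') == '0':
            findings.append(Finding('medium', 'uac-disabled', line,
                'EnableLUA=0 set under the machine policies key; verify who set it'))
            continue
        m = FF_KEYWORD_RE.match(line)
        if m:
            findings.append(Finding('info', 'ff-keyword-override', line,
                f"address-bar search redirected to {m.group('url')}; confirm the user chose it"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group('rest').endswith('[?]'):
            boot = m.group('start') in ('S0', 'R0')   # DDS start codes: 0 = boot start
            findings.append(Finding('high' if boot else 'medium', 'service-file-missing', line,
                f"{m.group('start')} service '{m.group('name')}' points at a file DDS could not stat"
                + ('; boot-start driver' if boot else '')))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so the analyst sees the shape of the log at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    for f in analyze(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule:22} {f.reason}")
    print(summarize(analyze(SAMPLE_DDS)))
```

Run against the constructed sample, the script reports five of the seven lines and leaves the two entries with a real, dated file (the Java updater and the McAfee agent) alone; the point is that a first pass over a DDS log can be mechanised, while the decision about each flagged line stays with the person reading it.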


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 PM

Posted 29 May 2010 - 06:17 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Run ComboFix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

Information and logs:
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 PM

Posted 01 June 2010 - 04:21 AM

Hello

Three-day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#4 SomeoneWeird

SomeoneWeird
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:57 PM

Posted 03 June 2010 - 05:52 AM

Hello, yes I still do need help. I'm sorry it's taken so long for me to post a log; I was out of town for a bit longer than I thought I would be. I'll make sure to post it tomorrow morning (or rather later this morning). Thanks again.

Edited by SomeoneWeird, 03 June 2010 - 05:52 AM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 PM

Posted 03 June 2010 - 05:35 PM

[thumbs-up image]

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 PM

Posted 06 June 2010 - 02:01 AM

Hello

Three-day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 PM

Posted 09 June 2010 - 03:33 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
