
Windows Restore and Vista Manager virus


  • This topic is locked
2 replies to this topic

#1 Lee3250

  • Members
  • 4 posts
  • Local time:02:30 AM

Posted 01 May 2011 - 03:16 PM

1. I have random audio playing when I am on my computer

2. I also receive IE Script error messages from advertisement websites constantly

3. I also ran combofix and was told throughout the scan that I had errors that needed to be fixed and to run chkdsk utility.

4. I cannot run chkdsk. I have followed every direction to force my computer into chkdsk upon reboot and it will not cooperate. When I run it as chkdsk I get many corrupt files, which is why I want to run a full chkdsk upon boot, but it won’t let me. I have gone into disk properties and checked the boxes to run chkdsk upon reboot and then gone into the msconfig boot area and checked the box for Safeboot, which has worked in the past, but this time nothing; it just boots into safe mode.

5. This one is really low on my list but my computer is extremely slow now and hangs up on web pages when I am on the web looking for solutions to these issues.

I know my list of issues is lengthy; any help you can give me will be greatly appreciated!

Leigh Anne

Here are my logs:

DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Leigh Anne at 14:38:24.42 on Sun 05/01/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.501.11 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\System32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Leigh Anne\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: cnet.com\download
Trusted Zone: download.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-21 64512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S3 Normandy;Normandy SR2;c:\windows\system32\drivers\Normandy.sys [2011-5-1 34560]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-05-01 17:57:38 -------- d-----w- c:\users\leigha~1\appdata\local\temp
2011-05-01 17:55:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-01 17:28:39 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-05-01 16:57:38 388096 ----a-r- c:\users\leigha~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-01 16:57:28 -------- d-----w- c:\program files\Trend Micro
2011-04-30 19:27:34 98816 ----a-w- c:\windows\sed.exe
2011-04-30 19:27:34 89088 ----a-w- c:\windows\MBR.exe
2011-04-30 19:27:34 256512 ----a-w- c:\windows\PEV.exe
2011-04-30 19:27:34 161792 ----a-w- c:\windows\SWREG.exe
2011-04-26 03:13:35 1006778 ----a-w- c:\program files\rkill.com
2011-04-26 03:01:12 -------- d-----w- c:\progra~2\MFAData
2011-04-25 01:26:36 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-04-25 01:26:35 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-04-25 01:26:27 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-04-25 01:26:24 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-04-25 01:26:19 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-04-25 01:26:13 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-04-25 01:26:12 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-04-25 01:26:12 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-04-25 01:26:06 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-04-25 01:26:06 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-04-25 01:26:04 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-25 01:25:57 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-04-25 01:25:55 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-25 01:25:55 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-25 01:25:46 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-04-25 01:25:44 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-25 01:25:39 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-04-25 01:25:31 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-25 01:25:09 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-25 01:25:02 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-25 01:23:54 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-04-25 01:22:58 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-04-25 01:20:53 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-25 00:58:08 -------- d--h--w- c:\windows\msdownld.tmp
2011-04-25 00:57:40 -------- d-----w- c:\windows\system32\directx
2011-04-23 04:52:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-23 04:52:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-21 22:06:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-20 01:25:35 -------- d-----w- c:\users\leigha~1\appdata\roaming\Malwarebytes
2011-04-20 01:25:08 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-19 10:00:51 777420 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-14 07:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-13 23:09:59 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 23:09:58 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-13 23:09:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 23:09:54 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 23:09:49 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 23:09:44 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 23:09:44 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-13 23:09:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-13 23:09:40 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 23:09:37 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 23:09:37 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 23:08:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 23:08:33 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 23:08:33 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 23:08:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 23:08:28 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-05 23:22:31 -------- d-----w- c:\program files\iPod
2011-04-05 23:22:13 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-05-01 02:28:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-24 21:10:44 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-21 22:29:39 125125640 ----a-w- c:\program files\Ad-Aware90Install_2011-03-16.exe
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-08-22 05:36:09 145615 ----a-w- c:\program files\bigfishgames_p81081291_s1_l1.exe
.
============= FINISH: 14:42:25.48 ===============
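A helper like the following is how a responder would start triaging a DDS log such as the one above: parse the "Created Last 30" and "SERVICES / DRIVERS" sections, and flag files created shortly before the scan, giving extra weight to anything in the kernel driver directory that is also registered as a service. This is an added example, not code from the poster, the helper, or the DDS tool. The sample input is a handful of lines copied from the log above; the two-day window and the driver-directory heuristic are assumptions, and a flag means "review this", not "this is malware".

```python
"""Triage a DDS log: flag files created shortly before the scan, and note when a
flagged file lives in the driver directory or is registered as a service.
Added example, not part of the forum post; window and heuristics are assumptions."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
Run by Leigh Anne at 14:38:24.42 on Sun 05/01/2011
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-21 64512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S3 Normandy;Normandy SR2;c:\windows\system32\drivers\Normandy.sys [2011-5-1 34560]
=============== Created Last 30 ================
2011-05-01 17:28:39 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-04-30 19:27:34 89088 ----a-w- c:\windows\MBR.exe
2011-04-23 04:52:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 23:09:44 305152 ----a-w- c:\windows\system32\drivers\srv.sys
"""

# "Run by <user> at <time> on <Day> <mm>/<dd>/<yyyy>"
RUN_RE = re.compile(r"^Run by .* on \w{3} (\d{2})/(\d{2})/(\d{4})$")
# "<start type> <name>;<display name>;<image path> [<yyyy-m-d> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$")
# "<date> <time> <size, or -------- for a directory> <attributes> <path>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\d+|-{8}) \S{8} (.+)$")

DRIVER_DIR = "\\system32\\drivers\\"  # heuristic: kernel drivers live here


def parse_scan_date(log_text: str) -> datetime:
    """Return the date the scan ran, taken from the 'Run by' header line."""
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            month, day, year = m.groups()
            return datetime(int(year), int(month), int(day))
    raise ValueError("scan date not found in log")


def parse_services(log_text: str) -> Dict[str, Tuple[str, str]]:
    """Map lowercase image path -> (start type, service name)."""
    services: Dict[str, Tuple[str, str]] = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, path = m.groups()
            services[path.lower()] = (start, name)
    return services


def triage(log_text: str, window_days: int = 2) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for files created within window_days of the scan."""
    scan_date = parse_scan_date(log_text)
    services = parse_services(log_text)
    cutoff = scan_date - timedelta(days=window_days)
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if not m:
            continue
        created_str, size, path = m.groups()
        if size.startswith("-"):
            continue  # directory entry, not a file
        created = datetime.strptime(created_str, "%Y-%m-%d")
        if created < cutoff:
            continue
        reasons = [f"created {created_str}, within {window_days} days of the scan"]
        lower = path.lower()
        if DRIVER_DIR in lower:
            reasons.append("kernel driver directory")
        if lower in services:
            start, name = services[lower]
            reasons.append(f"registered as {start} service '{name}'")
        findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, Normandy.sys is flagged on all three counts (created the day of the scan, sits in the driver directory, and is loaded as the S3 service "Normandy"), while MBR.exe is flagged only as recent; the older drivers fall outside the window. Fed the whole log, the same regex also picks up recent entries from the "Find3M" section, which is usually what you want when looking for files dropped in the days before symptoms began.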

#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:30 AM

Posted 09 May 2011 - 07:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:30 AM

Posted 14 May 2011 - 08:35 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.