
Infected with Google redirect, audio ads, and IE script errors


  • This topic is locked
4 replies to this topic

#1 vince1s1

vince1s1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 15 May 2011 - 11:57 AM

May 6th 2011, my cousin was having problems with Google redirecting to various sites, then audio ads started to appear with nothing visible in the task manager to track. It has been 20 years since I dealt with this stuff; as a former tech you can understand my position, it's like I have been frozen in time with all the new advances that I have not kept up with. I am a little outgunned here, so I really need your help. You guys are the best, so that is why I am here. I have been reading Chris.wrx's post, who was working with Gringo, and I was impressed with the solid effort he put forth. I don't assume that the same fix will work here because the systems are set up differently, as well as the installed software, so the only thing I deleted before I read this post was messenger running in the background, thinking it would eliminate the audio ads. Of course I ran just about every available virus protection program out there with no change. I have to be honest, before I read the post I did download combo fix and realized it should not have been done because I was in an old post that had me rename it to username123. My apology for that mistake. So, without making any more changes I downloaded defogger and dds to be able to get the logs for you guys to look over. Maybe it fixed it or maybe it damaged it, not sure; anyway, after reading all the work you guys did for everybody, I prefer to trust your judgement over mine.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by LB at 11:16:20.94 on Sun 05/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.307 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\LB\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511224352.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\lb\applic~1\mozilla\firefox\profiles\6ddlg1ou.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-11 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-5-11 84200]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-11 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-11 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-11 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-11 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-11 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-11 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-11 141792]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2010-11-17 107856]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2010-1-25 3712]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-11 56064]
R3 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-11 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-11 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-5-11 88736]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51456]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2010-11-17 120144]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-11 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-11 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-11 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2011-5-6 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2011-5-6 40552]
.
=============== Created Last 30 ================
.
2011-05-15 15:25:07 -------- d-sha-r- C:\cmdcons
2011-05-15 15:20:13 89088 ----a-w- c:\windows\MBR.exe
2011-05-15 15:20:08 98816 ----a-w- c:\windows\sed.exe
2011-05-15 15:20:08 256512 ----a-w- c:\windows\PEV.exe
2011-05-15 15:20:08 161792 ----a-w- c:\windows\SWREG.exe
2011-05-15 00:27:45 -------- d-----w- c:\docume~1\lb\applic~1\Malwarebytes
2011-05-15 00:27:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 00:27:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-15 00:27:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 21:44:36 -------- d-----w- c:\program files\common files\Sonic Shared
2011-05-14 21:44:33 -------- d-----w- c:\program files\Sonic
2011-05-14 21:21:46 -------- d-----w- c:\docume~1\lb\locals~1\applic~1\DFX
2011-05-14 21:20:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\DFX
2011-05-14 21:20:17 -------- d-----w- c:\program files\common files\DFX
2011-05-14 20:28:01 -------- d-----w- c:\docume~1\lb\applic~1\ParetoLogic
2011-05-14 20:28:01 -------- d-----w- c:\docume~1\lb\applic~1\DriverCure
2011-05-14 20:27:09 -------- d-----w- c:\program files\ParetoLogic
2011-05-14 20:27:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2011-05-14 02:14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-14 02:14:35 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-14 02:14:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-13 22:10:55 -------- d-----w- c:\program files\Windows Media Connect 2
2011-05-13 22:07:08 -------- d-----w- c:\windows\system32\LogFiles
2011-05-13 21:36:20 39632 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-05-13 21:36:20 -------- d-----w- c:\docume~1\lb\applic~1\Sierra Wireless
2011-05-13 21:33:25 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
2011-05-13 21:32:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Clearwire
2011-05-13 21:23:42 -------- d-sh--w- c:\documents and settings\lb\PrivacIE
2011-05-13 21:17:28 -------- d-sh--w- c:\documents and settings\lb\IETldCache
2011-05-13 21:06:36 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-13 20:54:40 -------- dc-h--w- c:\windows\ie8
2011-05-13 20:38:20 -------- d-----w- C:\c9f16807fd31f5448a9f
2011-05-13 19:57:31 -------- d-----w- c:\docume~1\lb\applic~1\Clearwire
2011-05-13 19:57:29 -------- d-----w- c:\program files\Skyhook Wireless
2011-05-13 19:56:08 -------- d-----w- c:\program files\Clearwire
2011-05-13 19:53:42 -------- d-----w- c:\program files\CL
2011-05-12 05:12:02 -------- d-sh--w- c:\documents and settings\lb\UserData
2011-05-12 03:43:53 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-05-12 03:43:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-05-12 03:43:39 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-12 03:43:34 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-05-12 03:43:34 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-05-12 03:43:34 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-05-12 03:43:34 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-05-12 03:43:33 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-05-12 03:43:33 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-05-12 03:43:33 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-05-12 03:43:33 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-05-12 03:43:33 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-05-12 01:55:45 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2011-05-09 19:40:56 -------- d-----w- c:\docume~1\lb\locals~1\applic~1\Mozilla
2011-05-09 19:25:20 -------- d-----w- c:\docume~1\lb\applic~1\Lexmark Productivity Studio
2011-05-09 19:15:09 -------- d-----w- c:\docume~1\lb\locals~1\applic~1\Adobe
2011-05-09 18:25:21 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-06 23:28:17 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2011-05-06 23:26:01 -------- d-----w- c:\program files\common files\McAfee
2011-05-06 23:25:57 -------- d-----w- c:\program files\McAfee.com
2011-05-06 23:24:11 -------- d-----w- c:\program files\McAfee
2011-05-06 23:21:50 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.
==================== Find3M ====================
.
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 11:17:06.78 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2010 7:26:35 PM
System Uptime: 5/15/2011 10:43:08 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 088C
Processor: Intel® Pentium® M processor 1.70GHz | U10 | 1388/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 65.76 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\6&EB96B62&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\6&EB96B62&0&2
Service: BthPan
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1217&DEV_7110&SUBSYS_088C103C&REV_00\4&16793A72&0&32F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1217&DEV_7110&SUBSYS_088C103C&REV_00\4&16793A72&0&32F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\IFX0101\4&32D50C2&0
Manufacturer:
Name:
PNP Device ID: ACPI\IFX0101\4&32D50C2&0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_088C103C&REV_03\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_088C103C&REV_03\3&61AAA01&0&FE
Service:
.
==== System Restore Points ===================
.
RP311: 5/9/2011 1:21:43 PM - System Checkpoint
RP312: 5/9/2011 4:36:41 PM - Software Distribution Service 3.0
RP313: 5/9/2011 6:27:31 PM - Software Distribution Service 3.0
RP314: 5/10/2011 8:51:57 PM - Software Distribution Service 3.0
RP315: 5/13/2011 2:56:02 PM - Installed CLEAR Connection Manager.
RP316: 5/13/2011 3:45:01 PM - Software Distribution Service 3.0
RP317: 5/13/2011 3:56:50 PM - Installed Windows Internet Explorer 8.
RP318: 5/13/2011 3:58:48 PM - Software Distribution Service 3.0
RP319: 5/13/2011 4:30:54 PM - Removed CLEAR Connection Manager.
RP320: 5/13/2011 4:32:32 PM - Installed CLEAR Connection Manager.
RP321: 5/13/2011 5:02:38 PM - Installed Windows Media Player Firefox Plugin
RP322: 5/13/2011 5:03:47 PM - Installed Windows Media Player 11
RP323: 5/13/2011 5:05:14 PM - Software Distribution Service 3.0
RP324: 5/13/2011 9:12:06 PM - Removed Java™ 6 Update 18
RP325: 5/13/2011 9:13:25 PM - Installed Java™ 6 Update 25
RP326: 5/13/2011 9:45:40 PM - Spybot-S&D Spyware removal
RP327: 5/14/2011 6:42:40 AM - Software Distribution Service 3.0
RP328: 5/14/2011 7:25:58 AM - Spybot-S&D Spyware removal
RP329: 5/14/2011 11:03:15 AM - Software Distribution Service 3.0
RP330: 5/14/2011 2:51:22 PM - Installed Windows Media Player 11
RP331: 5/14/2011 2:51:43 PM - Software Distribution Service 3.0
RP332: 5/14/2011 4:44:31 PM - Installed Sonic CinePlayer DVD Pack
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
ATI - Software Uninstall Utility
ATI Display Driver
Broadcom 802.11 Driver
Broadcom NetXtreme Ethernet Controller
CLEAR Connection Manager
Combined Community Codec Pack 2008-09-21 16:18
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
HP Integrated Wireless LAN W400-W500 Driver
Java™ 6 Update 25
Lexmark 2600 Series
Lexmark Toolbar
Loki ActiveX Control
Malwarebytes' Anti-Malware
McAfee Internet Security
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB982132)
Sonic CinePlayer DVD Pack
SoundMAX
Spybot - Search & Destroy
Tweak UI
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 9:48:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/9/2011 2:41:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/9/2011 12:47:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/9/2011 12:47:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/9/2011 12:45:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
5/9/2011 12:44:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/9/2011 12:44:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/9/2011 12:44:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/9/2011 12:44:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/9/2011 12:44:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/9/2011 12:44:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/9/2011 12:35:16 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
5/9/2011 10:15:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/9/2011 1:24:46 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
5/9/2011 1:18:23 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/15/2011 10:44:10 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
5/15/2011 10:43:52 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
5/15/2011 10:43:52 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL. Reference error message: The operation completed successfully. .
5/15/2011 10:43:52 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
5/10/2011 9:11:29 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 4 time(s).
5/10/2011 8:54:19 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/10/2011 8:50:07 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
5/10/2011 8:33:01 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
5/10/2011 8:31:04 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2011 8:29:33 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================


 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:14 PM

Posted 15 May 2011 - 01:40 PM

Good evening. :)

I did download combo fix and realized it should not have been done because I was in an old post that had me rename it to username123.

Did you run it, or just download it?

So long, and thanks for all the fish.

 

 


#3 vince1s1

vince1s1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 16 May 2011 - 08:33 PM

I ran it when I downloaded it. Interesting! As of yet, after working with the computer since then, I have not experienced an issue relating to the original problem. I am skeptical that it is solved because of two reasons, the first being that it was an accident that I ran combofix under username123, and the second that I am not experienced in analyzing the log information. So, with that said, I guess I will have to play the waiting game and see if it will reappear. As soon as something comes up I will post right away, I don't want to make the same mistake twice.
Thank you very much for getting back to me. I honestly appreciate it.

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:14 PM

Posted 17 May 2011 - 01:13 PM

Good evening. :)

The CF log should have been stored as C:\Combofix.txt - if you post the contents, I'll take a look.

So long, and thanks for all the fish.

 

 


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:14 PM

Posted 22 May 2011 - 02:14 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 




