
Win XP Infected, Can't Click Start/Open IE or Run Avast, Logs Posted


  • This topic is locked
2 replies to this topic

#1 Anomalant


Posted 02 November 2011 - 01:16 AM

I booted my system up and went to start a program and got some random error (of course I didn't write it down at the time, I didn't think anything of it). It kept popping up so I rebooted and now I can't seem to click my start button, I can't get avast to scan even in safe mode, and I have no system restore points. I ran Malwarebytes in safe mode and it gave me Adware.Softomate as one of the infections. I also tried Dr Web Cure It and Combofix (prior to reading the instructions. oops!). It says it removed it but I am still having problems. Perhaps that wasn't the root of the problem. Any help would be greatly appreciated. Thank you!

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 22:23:13 on 2011-11-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1786 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285249401998
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-21 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-21 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-23 40384]
S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-23 40384]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-11-02 04:56:11 98816 ----a-w- c:\windows\sed.exe
2011-11-02 04:56:11 518144 ----a-w- c:\windows\SWREG.exe
2011-11-02 04:56:11 256000 ----a-w- c:\windows\PEV.exe
2011-11-02 04:56:11 208896 ----a-w- c:\windows\MBR.exe
2011-11-02 04:31:18 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2011-11-02 04:17:10 -------- d-----w- C:\!KillBox
2011-11-02 04:12:15 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-11-02 03:48:08 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-11-02 03:19:01 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-10-21 23:32:33 -------- d-----w- c:\program files\MSECache
2011-10-21 00:51:13 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-21 00:51:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-21 00:50:38 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-21 00:48:50 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-21 00:48:44 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-21 00:48:14 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-10-21 00:48:14 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-21 00:47:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-20 04:55:29 -------- d-----w- c:\program files\Macromedia
2011-10-20 04:55:29 -------- d-----w- c:\program files\common files\Macromedia
2011-10-20 04:54:39 180224 ------w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2011-10-20 04:54:38 409600 ------w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2011-10-20 04:54:38 32768 ------w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2011-10-20 04:54:38 266240 ------w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2011-10-20 04:54:38 172032 ------w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2011-10-20 04:54:36 761856 ------w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2011-10-20 04:54:36 540772 ------w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
.
==================== Find3M ====================
.
2011-10-12 13:19:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 22:24:00.84 ===============



#2 CatByte

  • Malware Response Team

Posted 06 November 2011 - 09:14 AM

Please post the ComboFix log(s)

It will be located at c:\combofix.txt

then run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

  • Malware Response Team

Posted 15 November 2011 - 11:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




