Infected with System Fix Virus


This topic is locked
7 replies to this topic

#1 uvantu

Posted 07 December 2011 - 03:50 PM

I mistakenly responded to the System Fix warning and now have it. I'm running XP and have followed the instructions on the BC website for removal:
updated and ran Rkill, TDSSKiller and Malwarebytes. I've actually run Malwarebytes twice; the first time it found and removed a few, the second time it didn't find anything, but System Fix is still on my desktop and quick launch bar. I don't know if they're only icons or still the tip of the iceberg. Everything has been run in safe mode. I also ran Unhide and got most of my desktop icons back but not all. If MB was successful in removing System Fix would the icons have gone too, or am I correct in assuming it's still on the machine? Thank you for your help.

#2 boopme (Global Moderator)

Posted 07 December 2011 - 07:57 PM

Hello, let's do this.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.


Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 uvantu (Topic Starter)

Posted 08 December 2011 - 05:09 PM

Hi Boopme,

Thank you for your help. I've followed your instructions and ran both SAS and Mbam. During the Mbam scan in normal mode, MS Security Essentials picked up a couple of files and Mbam picked up a third. The log is below. There are no longer any System Fix icons on the desktop or quick launch, so is it safe to assume it's gone? As I mentioned in the earlier post, I ran "Unhide" but I'm still missing some links to programs I need regularly from the desktop, as well as a flash drive that happened to be plugged in when the infection occurred. Is it possible to get them back? Other than that, the machine seems to be ok. Thanks again.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8334

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2011 4:32:05 PM
mbam-log-2011-12-08 (16-32-05).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 277179
Time elapsed: 5 hour(s), 56 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP570\A0065472.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
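
The Malwarebytes log above has a fixed layout: a block of per-category counts, then one block per category listing each detection as `path (family) -> action`. The script below is an added example for this thread, not Malwarebytes' code. It parses that layout, checks that the per-category counts agree with the items actually listed, and flags detections whose path lies under a System Restore snapshot directory (`\_restore{GUID}\RPnnn\`, as the one hit above does), which means the item was a restore-point copy rather than a file in active use. The embedded log is a constructed cut-down of the posted one that keeps its layout and its single hit.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and classify its detections.

Added example for this thread; not Malwarebytes' own code. SAMPLE_LOG is a
constructed cut-down of the log posted above, keeping its layout and its one hit.
"""
import re

# Summary line, e.g. "Files Infected: 1"
SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# Detail-section header, e.g. "Files Infected:"
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# Detail line: "<path or key> (<family>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Windows XP System Restore snapshot directory: \_restore{GUID}\RPnnn\
RESTORE_POINT_RE = re.compile(r"\\_restore\{[0-9a-f-]+\}\\RP\d+\\", re.IGNORECASE)
NO_ITEMS = "(No malicious items detected)"

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8334

Scan type: Full scan (C:\|G:\|)
Objects scanned: 277179
Time elapsed: 5 hour(s), 56 minute(s), 19 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP570\A0065472.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary counts by category, list of detection dicts)."""
    summary, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends a detail section
            current = None
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("category")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("category")
            continue
        if current is None or line == NO_ITEMS:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"category": current, **m.groupdict()})
    return summary, detections


def is_restore_point_copy(path):
    """True when the path is inside a System Restore snapshot (RPnnn) directory."""
    return RESTORE_POINT_RE.search(path) is not None


def summarize(text):
    """Cross-check the counts against the listed items and classify the hits."""
    summary, detections = parse_mbam_log(text)
    listed = {}
    for d in detections:
        listed[d["category"]] = listed.get(d["category"], 0) + 1
    mismatched = sorted(c for c, n in summary.items() if n != listed.get(c, 0))
    restore_only = bool(detections) and all(is_restore_point_copy(d["path"]) for d in detections)
    return {
        "total": sum(summary.values()),
        "mismatched_sections": mismatched,
        "restore_point_only": restore_only,
        "detections": detections,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['total']} item(s); count/list mismatches: {result['mismatched_sections'] or 'none'}")
    for d in result["detections"]:
        where = "restore point copy" if is_restore_point_copy(d["path"]) else "live location"
        print(f"  [{d['category']}] {d['family']}: {d['action']} ({where})")
```

A hit that lives only inside a restore point is worth calling out separately from a live file: it was not running, but a later System Restore to that point would bring the rogue back, which is why clearing old restore points after a confirmed clean-up is the usual closing step.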

#4 boopme (Global Moderator)

Posted 08 December 2011 - 08:23 PM

Hi, I think we can.

Run this script >> WIN XP


I also want to look at your system...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



One more scan to see what may be left....
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.
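Post #4 asks for the hosts file and Winsock listings that MiniToolBox produces. The script below is an added example, not Farbar's MiniToolBox code. It splits a report of that layout into its `===== Name =====` sections and applies two defender-side checks: any hosts entry beyond the stock `localhost` mapping, and any Winsock catalog entry whose DLL is reported as `File Not found` (a dangling LSP registration, which on XP is a common cause of broken networking after a cleanup) or whose vendor is not Microsoft. The embedded report is constructed to mirror the posted format; the `update.example.com` hosts line is invented for the demonstration, and the Winsock lines copy the shape of the ones later in this thread.

```python
"""Triage a MiniToolBox-style report: hosts file entries and Winsock catalog.

Added example for this thread; not Farbar's MiniToolBox code. SAMPLE_REPORT is
constructed to mirror the posted report's section layout; the update.example.com
hosts line is invented for the demonstration.
"""
import re

# Section header, e.g. "===== Hosts content: =====" or "===== Winsock entries ====="
SECTION_RE = re.compile(r"^=+\s+(?P<name>[A-Za-z][^=]*?):?\s+=+$")
# Winsock line: "Catalog9 01 <file> [<size or 'File Not found'>] (<vendor>)"
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+) (?P<index>\d+) (?P<file>.+?) "
    r"\[(?P<size>[^\]]*)\] \((?P<vendor>[^)]*)\)$"
)
DEFAULT_HOSTS = {"localhost", "localhost.localdomain"}

SAMPLE_REPORT = r"""MiniToolBox by Farbar

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 update.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 vlsp.dll [File Not found] ()
Catalog9 26 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2011 10:00:43 PM) (Source: nview_info) (User: )
"""


def split_sections(report):
    """Map section name -> list of non-blank lines inside that section."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
            continue
        if current is not None and line:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Return hosts entries that map anything other than the stock localhost names."""
    flagged = []
    for line in lines:
        body = line.split("#", 1)[0].strip()      # drop comments
        parts = body.split()
        if len(parts) < 2:
            continue
        extra = [n for n in parts[1:] if n.lower() not in DEFAULT_HOSTS]
        if extra:
            flagged.append({"ip": parts[0], "names": extra})
    return flagged


def check_winsock(lines):
    """Separate dangling (file missing) entries from non-Microsoft ones for review."""
    missing, third_party = [], []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        if "not found" in entry["size"].lower():
            missing.append(entry)
        elif entry["vendor"] != "Microsoft Corporation":
            third_party.append(entry)
    return {"missing": missing, "third_party": third_party}


def triage(report):
    sections = split_sections(report)
    return {
        "hosts": check_hosts(sections.get("Hosts content", [])),
        "winsock": check_winsock(sections.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_REPORT)
    for h in findings["hosts"]:
        print(f"hosts: {h['ip']} -> {', '.join(h['names'])}")
    for e in findings["winsock"]["missing"]:
        print(f"winsock {e['catalog']} #{e['index']}: {e['file']} missing (dangling LSP entry)")
    for e in findings["winsock"]["third_party"]:
        print(f"winsock {e['catalog']} #{e['index']}: {e['file']} from {e['vendor']!r} (review)")
```

Third-party entries are listed for review only: a provider from a product the user knowingly installed (Bonjour from Apple, or the Wave Systems `biolsp.dll` that matches the `biolsp patch` entry under installed programs later in this thread) is expected, whereas a `File Not found` entry is never healthy and is the first thing to look at when a machine loses connectivity after a cleanup.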

#5 uvantu (Topic Starter)

Posted 09 December 2011 - 06:52 AM

Hi Boop,

I've run WinXp and unfortunately nothing has changed. I did manage to replace two of the needed shortcuts for my desktop, but the flash drive and many of the start menu folders still appear to be empty. I also ran MiniToolBox and ESET Scanner, and the MiniToolBox report is below. ESET Scanner did not find any threats so there was no report. As always, thanks for your help.

uvantu


MiniToolBox by Farbar
Ran by Uvantu (administrator) on 08-12-2011 at 22:16:23
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Dolphin

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : maine.rr.com



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1D-09-AF-42-C9



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . : maine.rr.com

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-16-44-E4-3A-91

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Thursday, December 08, 2011 10:10:01 PM

Lease Expires . . . . . . . . . . : Friday, December 09, 2011 10:10:01 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.113.104, 74.125.113.105, 74.125.113.106, 74.125.113.147
74.125.113.99, 74.125.113.103



Pinging google.com [74.125.113.147] with 32 bytes of data:



Reply from 74.125.113.147: bytes=32 time=82ms TTL=50

Reply from 74.125.113.147: bytes=32 time=63ms TTL=50



Ping statistics for 74.125.113.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 82ms, Average = 72ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=117ms TTL=51

Reply from 98.137.149.56: bytes=32 time=115ms TTL=51



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 115ms, Maximum = 117ms, Average = 116ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 af 42 c9 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 16 44 e4 3a 91 ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 25
255.255.255.255 255.255.255.255 192.168.1.100 2 1
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 vlsp.dll [File Not found] ()
Catalog9 02 vlsp.dll [File Not found] ()
Catalog9 03 vlsp.dll [File Not found] ()
Catalog9 04 vlsp.dll [File Not found] ()
Catalog9 05 vlsp.dll [File Not found] ()
Catalog9 06 vlsp.dll [File Not found] ()
Catalog9 07 vlsp.dll [File Not found] ()
Catalog9 08 vlsp.dll [File Not found] ()
Catalog9 09 vlsp.dll [File Not found] ()
Catalog9 10 vlsp.dll [File Not found] ()
Catalog9 11 vlsp.dll [File Not found] ()
Catalog9 12 vlsp.dll [File Not found] ()
Catalog9 13 vlsp.dll [File Not found] ()
Catalog9 14 vlsp.dll [File Not found] ()
Catalog9 15 vlsp.dll [File Not found] ()
Catalog9 16 vlsp.dll [File Not found] ()
Catalog9 17 vlsp.dll [File Not found] ()
Catalog9 18 vlsp.dll [File Not found] ()
Catalog9 19 vlsp.dll [File Not found] ()
Catalog9 20 vlsp.dll [File Not found] ()
Catalog9 21 vlsp.dll [File Not found] ()
Catalog9 22 vlsp.dll [File Not found] ()
Catalog9 23 vlsp.dll [File Not found] ()
Catalog9 24 vlsp.dll [File Not found] ()
Catalog9 25 vlsp.dll [File Not found] ()
Catalog9 26 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 27 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 28 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 34 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 55 vlsp.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2011 10:00:43 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: Entered Mutex Recovery Code. NView (and Mutexes) are not enabled.

Error: (12/08/2011 10:00:43 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: Mutex Recovery Code - mutex still stuck - PID:a70 now has a back count of:1.

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: Mutex Recovery Code - after 5 seconds, mutex still stuck. NView (and Mutexes) are now disabled.

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x9e4) (cmdName:Explorer.EXE) WindowManager.cpp 3395

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x9e4) (cmdName:Explorer.EXE) WindowManager.cpp 3395

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x9e4) (cmdName:Explorer.EXE) WindowManager.cpp 3395

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x9e4) (pid: 0xa70)

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x9e4) (pid: 0xa70)

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x9e4) (pid: 0xa70)

Error: (12/08/2011 10:00:23 PM) (Source: nview_info) (User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT: (process 0xa70) (thread 0xd20) (wait 0x6) (pwait 0x4)


System errors:
=============
Error: (12/08/2011 10:09:37 PM) (Source: WMPNetworkSvc) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Error: (12/08/2011 10:09:32 PM) (Source: WMPNetworkSvc) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Error: (12/08/2011 10:08:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (12/08/2011 10:08:27 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (12/08/2011 10:08:27 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (12/08/2011 10:08:27 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (12/08/2011 10:00:16 PM) (Source: Service Control Manager) (User: )
Description: The Venturi2 Client service terminated unexpectedly. It has done this 1 time(s).

Error: (12/08/2011 04:44:41 PM) (Source: WMPNetworkSvc) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Error: (12/08/2011 04:44:29 PM) (Source: WMPNetworkSvc) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Error: (12/08/2011 04:43:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (12/08/2011 10:00:43 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: Entered Mutex Recovery Code. NView (and Mutexes) are not enabled.

Error: (12/08/2011 10:00:43 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: Mutex Recovery Code - mutex still stuck - PID:a70 now has a back count of:1.

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: Mutex Recovery Code - after 5 seconds, mutex still stuck. NView (and Mutexes) are now disabled.

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x9e4) (cmdName:Explorer.EXE) WindowManager.cpp 3395

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x9e4) (cmdName:Explorer.EXE) WindowManager.cpp 3395

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x9e4) (cmdName:Explorer.EXE) WindowManager.cpp 3395

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x9e4) (pid: 0xa70)

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x9e4) (pid: 0xa70)

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x9e4) (pid: 0xa70)

Error: (12/08/2011 10:00:23 PM) (Source: nview_info)(User: )
Description: NVIEW : Explorer: WAIT_TIMEOUT: (process 0xa70) (thread 0xd20) (wait 0x6) (pwait 0x4)


=========================== Installed Programs ============================

1500 Best-Selling Home Plans - CD3DHA (Version: 1.6.0)
3D Home Architect Home Design Deluxe 6 (Version: 6.00.0000)
7-Zip 4.65
ACT! (Version: 8.00.0000)
ACT! 2006 (Version: 8.02.0000)
Adobe Acrobat 7.0 Professional (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional (Version: 7.1.0)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
Audible Download Manager (Version: 6.6.0.12)
AudibleManager (Version: 2089882838.2089882900.2090328352.2089882858)
Avanquest update (Version: 1.29)
Bandisoft MPEG-1 Decoder
biolsp patch (Version: 01.00.01.0010)
BJC-250 Series
Bonjour (Version: 2.0.4.0)
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
Broadcom Management Programs (Version: 10.15.01)
Broadcom TPM Driver Installer (Version: 8.04.04)
Brother HL-5170DN
Browntech Image Plugin 2.00 (Version: 2.00.0000)
BufferChm (Version: 53.0.13.000)
Canon Camera Access Library (Version: 8.5.0.2)
Canon Digital Camera USB WIA Driver
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
Canon MOV Decoder (Version: 1.8.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities MyCamera (Version: 7.4.0.2)
CCleaner (Version: 3.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HDA D330 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems (Version: 02.00.00.039)
Dell Resource CD (Version: 1.00.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell Touchpad (Version: Version 7.1.101.6)
Dell Wireless WLAN Card (Version: 4.170.25.12)
Destinations (Version: 53.0.13.000)
DetectorTools (Version: 1.8.0)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
dj_sf_software_req (Version: 90.0.235.000)
Document Manager Lite (Version: 05.06.00.005)
EMBASSY Security Center (Version: 03.00.00.036)
EMBASSY Security Setup (Version: 03.00.00.035)
EMBASSY Trust Suite by Wave Systems (Version: 2.00.00.039)
eNeighborhoods ()
EPSON Printer Software
ESC Home Page Plugin (Version: 03.00.00.013)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
ETS Upgrade (Version: 02.00.00.012)
FLV Player (Version: 1.33 FC)
Fourelle Venturi Personal Client 2.1.1
Foxit Reader (Version: 4.3.0.1110)
GeoPDF Toolbar (Version: 4.01.0105)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.1536.6592)
GoToAssist Corporate (Version: 10.0.0.683)
GoToAssist Customer 1.6.0.290 (Version: 1.6.0.290)
Greeting Card Factory Deluxe (Version: 5.0.0.12)
HP Deskjet 5400 series (Version: 5.0)
HP Deskjet 6900 series (Version: 6.0)
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
HP Driver Diagnostics (Version: 1.03.0009)
HP Imaging Device Functions 5.0 (Version: 5.0)
HP Photosmart Plus B210 series Basic Device Software (Version: 22.50.231.0)
HP Photosmart Plus B210 series Help (Version: 140.0.54.54)
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)
HPDeskjet5400Series (Version: 1.00.0000)
HPProductAssistant (Version: 53.0.13.000)
Inkscape 0.48.2 (Version: 0.48.2)
IntelliSonic Speech Enhancement (Version: 2.1.37)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.8305.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter (Version: 9.7.0621)
MLX Professional Synchronization Tool (Version: 2.00.2634)
Modem Diagnostic Tool (Version: 1.0.20.0)
Motorola Driver Installation 4.5.0 (Version: 4.5.0)
Motorola Phone Tools (Version: 4.30)
Motorola Phone Tools (Version: 5.00)
Motorola Phone Tools (Version: 5.31a 05/13/2010)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NTRU TCG Software Stack (Version: 2.1.12)
NVIDIA Drivers
O2Micro USB Smart Card Reader (Version: 1.00.0000)
Pando Media Booster (Version: 2.3.5.1)
Photo Story 3 for Windows (Version: 3.0.1115.11)
PowerDVD (Version: 7.0)
Preboot Manager (Version: 2.0.0.102)
Private Information Manager (Version: 05.05.00.022)
Quicken 2011 (Version: 20.1.8.6)
Quicken WillMaker Plus 2011
QuickSet (Version: 8.1.12)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Scrabble Complete
SearchAssist
Secunia PSI (2.0.0.3001)
Secure Update (Version: 05.03.00.011)
Security Wizards (Version: 01.03.00.021)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.5210.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Snapshot Viewer
SolutionCenter (Version: 50.0.152.000)
Sonic Activation Module (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.5 (Version: 4.5.0)
Status (Version: 53.0.13.000)
SUPERAntiSpyware (Version: 5.0.1136)
System Requirements Lab
TomTom HOME 2.8.1.2218 (Version: 2.8.1.2218)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 53.0.13.000)
upekmsi (Version: 02.00.02.0010)
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Wave Infrastructure Installer (Version: 03.05.10.0050)
Wave Support Software (Version: 05.04.00.018)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0) (Version: 09/25/2006 6.0.0.0)
Windows Driver Package - Escort, Inc. (usbser) Ports (07/28/2010 1.0.0.0) (Version: 07/28/2010 1.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7) (Version: 02/05/2007 1.1.3.7)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 20.0.2011.2)
WordBiz version 1.8 (Version: 1.8)
Yahoo! Messenger
zipForm6 (Version: 1.0.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 1021.89 MB
Available physical RAM: 273.43 MB
Total Pagefile: 2459.24 MB
Available Pagefile: 1794.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.22 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.45 GB) (Free:34.77 GB) NTFS
3 Drive g: () (Removable) (Total:3.77 GB) (Free:0.25 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
SUPPORT_388945a0 Uvantu

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:00 PM

Posted 09 December 2011 - 04:07 PM

OK, I believe I see evidence of a ZeroAccess rootkit in your MINI log. This will require some specialized tools.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 uvantu

uvantu
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 10 December 2011 - 11:52 AM

Hi Boop,

I did as you instructed and am now waiting on a reply. Thank you.

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:00 PM

Posted 10 December 2011 - 02:28 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic431685.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
