
Is she still infected?


  • This topic is locked
6 replies to this topic

#1 snglnluvnit

  • Members
  • 184 posts
  • Gender:Male
  • Location:Wisconsin

Posted 01 February 2012 - 11:51 AM

I am assisting my neighbor with her computer. I initially did some offline scans with MSE/SAS/MBAM. I have attached the results from MSE; the other 2 came up clean. The system still seemed to have problems: it was slow and took a very long time to boot. I did a chkdsk with both options checked, and it reported nothing wrong. So I backed up her data and did a "Destructive" factory recovery (HP), updated some programs and installed Avast Free version; another scan turned up nothing. While doing Windows/Microsoft updates, 3 initially failed; one installed later, but I still have 2 that won't, though they don't come up anymore requesting to be installed: KB979906 error code=0xC0000005 and KB920213 error code=0x8024200D. OS is XP MCE 2002 SP3 (although the COA on the side says 2005), but I would like to just have the DDS/GMER logs looked over for peace of mind.

Thanks Scott

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 7:27:32 on 2012-02-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1524 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: trymedia.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1328011934786
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1328011974927
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{1C633982-5F1D-442C-A8C9-4C14FE3AAA79} : DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-1-31 253600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-01 12:51:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-02-01 12:51:04 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-31 23:37:09 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Sun
2012-01-31 18:12:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 18:12:45 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-31 18:12:17 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-31 18:12:17 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-31 18:12:16 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-31 18:10:33 -------- d-----w- c:\program files\CCleaner
2012-01-31 14:50:01 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-31 14:49:38 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-31 14:49:27 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-31 14:49:27 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-31 14:49:27 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-31 14:49:27 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-01-31 14:49:27 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-31 14:49:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-01-31 14:49:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-31 14:49:27 117760 ------w- c:\windows\system32\prntvpt.dll
2012-01-31 14:49:27 -------- d-----w- C:\75f5b24c24fc7e096a0b8c317008
2012-01-31 14:46:10 -------- d-----w- c:\program files\Windows Media Connect 2
2012-01-31 14:44:29 -------- d-----w- c:\windows\system32\LogFiles
2012-01-31 14:43:17 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-01-31 14:11:15 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-31 14:11:12 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-31 14:10:44 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-01-31 14:08:45 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-01-31 14:08:34 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-01-31 14:08:11 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-01-31 14:08:11 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-01-31 14:07:48 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-01-31 14:06:46 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2012-01-31 14:03:46 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-31 14:03:33 41184 ----a-w- c:\windows\avastSS.scr
2012-01-31 14:03:23 -------- d-----w- c:\program files\AVAST Software
2012-01-31 14:03:23 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-31 13:28:34 -------- d-----w- c:\windows\system32\scripting
2012-01-31 13:28:34 -------- d-----w- c:\windows\system32\en
2012-01-31 13:28:34 -------- d-----w- c:\windows\l2schemas
2012-01-31 13:28:33 -------- d-----w- c:\windows\system32\bits
2012-01-31 13:25:24 -------- d-----w- c:\windows\network diagnostic
2012-01-31 13:18:57 9728 ------w- c:\windows\system32\rwnh.dll
2012-01-31 13:10:36 -------- d-sh--r- C:\cmdcons
2012-01-31 13:10:34 -------- d-----w- c:\windows\setup.pss
2012-01-31 13:08:31 -------- d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2012-01-31 13:08:19 -------- d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2012-01-31 13:06:06 -------- d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2012-01-31 12:59:06 -------- d-----w- c:\program files\MSXML 4.0
2012-01-31 12:49:39 -------- d-----w- c:\windows\ie8updates
2012-01-31 12:49:33 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-31 12:49:33 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-31 12:49:33 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-31 12:49:33 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-31 12:49:33 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-01-31 12:49:33 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-01-31 12:49:33 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-01-31 12:48:47 -------- d-----r- c:\documents and settings\all users\Documents
2012-01-31 12:48:22 -------- dc-h--w- c:\windows\ie8
2012-01-31 12:47:02 -------- d-----r- c:\windows\Offline Web Pages
2012-01-31 12:43:55 -------- d-sh--r- c:\windows\system32\dllcache
2012-01-31 12:38:21 -------- d-----w- c:\windows\ServicePackFiles
2012-01-31 12:34:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-01-31 12:29:21 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-01-31 12:27:43 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-31 12:27:28 357888 ------w- c:\windows\system32\dllcache\srv.sys
2012-01-31 12:26:39 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-01-31 12:26:39 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-01-31 12:26:33 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-01-31 12:22:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-01-31 12:21:57 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-01-31 12:21:57 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-01-31 12:21:54 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-01-31 12:17:03 23040 ------w- c:\windows\kb913800.exe
2012-01-31 12:14:51 -------- d-----w- c:\windows\system32\PreInstall
2012-01-31 12:12:32 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-01-31 12:12:32 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-01-31 12:12:32 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-01-31 12:12:32 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-01-31 12:12:32 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-01-31 12:12:01 -------- d-sh--w- c:\documents and settings\hp_administrator\UserData
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 7:28:18.09 ===============
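The DDS sections above are what a helper reads by eye: autorun entries, browser helper objects, DPF downloads, DNS resolvers and services. As an added example (not part of this thread, and not DDS, Security Check or BleepingComputer code), here is a small Python parser that turns the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections into review notes: autorun values with no command, autorun commands given as a bare filename (resolved through the search path, so the file that actually loads should be confirmed), services running from outside the stock Windows and Program Files directories, and more than one DNS resolver set across interfaces. The `review` and `executable_of` functions and the `STANDARD_DIRS` assumption are mine; the sample lines are copied verbatim from the log posted above, and the script only lists items to confirm, it makes no verdict about them.

```python
"""Turn the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections of a DDS log
into review notes. Added example for this thread: not DDS, Security Check or
BleepingComputer code. It emits items to confirm, never a verdict."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{1C633982-5F1D-442C-A8C9-4C14FE3AAA79} : DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 435032]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-1-31 253600]
"""

RUN_RE = re.compile(r'^([um])Run: \[(.*?)\]\s*(.*)$')
BHO_RE = re.compile(r'^(BHO|TB|uURLSearchHooks): (.*?): (\{[0-9A-Fa-f-]+\}) - (.*)$')
DPF_RE = re.compile(r'^DPF: (\{[0-9A-Fa-f-]+\}) - (.*)$')
DNS_RE = re.compile(r'^TCP: (?:Interfaces\\\{[^}]+\} : )?DhcpNameServer = (.*)$')
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]+);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$')

# Assumption: a stock XP install keeps its own binaries under these two roots.
STANDARD_DIRS = ('c:\\windows\\', 'c:\\program files\\')


@dataclass
class Review:
    autoruns: list = field(default_factory=list)   # (hive, name, command)
    bhos: list = field(default_factory=list)       # (kind, name, clsid, path)
    dpf: list = field(default_factory=list)        # (clsid, url)
    dns: list = field(default_factory=list)        # distinct resolver tuples
    services: list = field(default_factory=list)   # (start, name, path, date, size)
    notes: list = field(default_factory=list)      # items a reviewer should confirm


def executable_of(command):
    """Program part of an autorun command: the quoted path, else the first token; '' if none."""
    command = command.strip()
    if not command:
        return ''
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def review(log_text):
    """Parse the DDS text and collect structured entries plus review notes."""
    r = Review()
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            r.autoruns.append((hive, name, cmd))
            exe = executable_of(cmd)
            if not exe:
                r.notes.append(f"autorun [{name}] has no command: empty Run value, confirm the key is expected")
            elif '\\' not in exe:
                r.notes.append(f"autorun [{name}] uses bare filename {exe}: resolved via search path, confirm which file loads")
        elif m := BHO_RE.match(line):
            r.bhos.append(m.groups())
        elif m := DPF_RE.match(line):
            r.dpf.append(m.groups())
        elif m := DNS_RE.match(line):
            servers = tuple(m.group(1).split())
            if servers not in r.dns:
                r.dns.append(servers)
        elif m := SVC_RE.match(line):
            start, name, _display, path, date, size = m.groups()
            r.services.append((start, name, path, date, int(size)))
            if not path.lower().startswith(STANDARD_DIRS):
                r.notes.append(f"service {name} runs from {path}: outside the standard directories, confirm the vendor")
    if len(r.dns) > 1:
        r.notes.append(f"{len(r.dns)} different DNS resolver sets across interfaces: confirm each is expected for its network")
    return r


if __name__ == '__main__':
    result = review(SAMPLE_LOG)
    print(f"{len(result.autoruns)} autoruns, {len(result.bhos)} BHOs, {len(result.services)} services")
    for note in result.notes:
        print(" -", note)
```

Run it on a full DDS log by passing the file contents to `review`; entries the parser does not recognise are simply skipped, so it degrades to a list of what it could read. The notes are prompts for the human reviewer (the helper in this thread checked the same things by eye and found nothing), not detections.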


#2 nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 February 2012 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your logs are clean.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 snglnluvnit

  • Topic Starter
  • Members
  • 184 posts
  • Gender:Male
  • Location:Wisconsin

Posted 05 February 2012 - 10:19 AM

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 7 Update 2
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

Thank you for taking the time to reply and assist me!!!
Scott

#4 nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 February 2012 - 01:29 PM

Your logs are clean.

Any issues with this computer?

#5 snglnluvnit

  • Topic Starter
  • Members
  • 184 posts
  • Gender:Male
  • Location:Wisconsin

Posted 05 February 2012 - 01:41 PM

No it seems to run fine!! So I thank you for your time and expertise!
This thread can be closed now.

Scott

#6 nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 February 2012 - 02:24 PM

Glad we could help.

#7 nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 February 2012 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
