
PUP.MyWebSearch removed, antivirus hangs


  • This topic is locked
10 replies to this topic

#1 rjpittsley

  • Members
  • 5 posts

Posted 02 November 2012 - 04:25 PM

I have a Dell E520 with XP pro SP3. After using Malwarebytes to remove multiple 'PUP.MyWebSearch' bugs and related, Norton Security Suite cannot complete scans. It just hangs at a file, and the files are different each time.



#2 sempai

  • Malware Response Team
  • 5,288 posts

Posted 02 November 2012 - 09:57 PM

Hello rjpittsley and welcome to BC.

Please do not attach logs unless instructed; posting them directly makes the log more readable. Thanks.



Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai


Posted 08 November 2012 - 02:38 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp



#4 sempai


Posted 09 November 2012 - 08:16 AM

This topic has been re-opened at the request of the person who originally posted.

~Semp



#5 rjpittsley


Posted 10 November 2012 - 08:41 AM

I ran ComboFix on the laptop, but could not install the Recovery Console because the laptop cannot connect to the internet. Here are the results of the ComboFix.

ComboFix 12-11-09.02 - Dell 11/09/2012 7:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3042 [GMT -5:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\bcm18B.tmp
c:\windows\bcm18C.tmp
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-03 01:08 . 2012-11-03 01:08 -------- d-----w- c:\program files\Recuva
2012-11-03 00:47 . 2012-11-03 00:47 -------- d-----w- c:\program files\CCleaner
2012-11-02 21:11 . 2012-10-30 16:04 431320 ----a-w- C:\Dc1.exe
2012-11-01 22:37 . 2012-11-01 22:37 -------- d-----w- c:\documents and settings\Dell\Application Data\Malwarebytes
2012-11-01 22:25 . 2012-11-01 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-01 22:25 . 2012-11-01 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-01 22:25 . 2012-09-29 23:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 21:02 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-11-01 21:02 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-11-01 21:02 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-11-01 21:01 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-11-01 21:01 . 2012-11-09 12:37 -------- d-----w- c:\program files\Spyware Doctor
2012-11-01 21:01 . 2012-11-01 21:01 -------- d-----w- c:\documents and settings\Dell\Application Data\PC Tools
2012-10-30 19:08 . 2012-11-01 22:21 -------- d-----w- c:\documents and settings\Administrator
2012-10-30 16:04 . 2012-10-30 16:04 54485 ----a-w- C:\show_ads_impl[1].js
2012-10-30 16:04 . 2012-10-30 16:04 287 ----a-w- C:\render_ads[1].js
2012-10-30 16:04 . 2012-10-30 16:04 2 ----a-w- C:\a[1].js
2012-10-30 16:04 . 2012-10-30 16:04 14704 ----a-w- C:\osd[1].js
2012-10-30 16:04 . 2012-10-30 16:04 13117 ----a-w- C:\show_ads[1].js
2012-10-30 16:01 . 2012-10-30 16:01 420320 ----a-w- C:\SCC[1].dll
2012-10-20 17:18 . 2012-10-20 17:40 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ApplicationHistory
2012-10-20 16:40 . 2012-10-20 16:40 -------- d-----w- c:\documents and settings\Dell\Application Data\Windows Desktop Search
2012-10-20 16:39 . 2012-10-20 17:25 -------- d-----w- c:\program files\Windows Desktop Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 17:40 . 2012-09-22 17:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 17:40 . 2012-07-04 21:16 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 17:40 . 2010-12-18 21:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-22 17:40 . 2010-12-18 21:40 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2008-08-20 17:31 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-08-20 17:30 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-08-20 17:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-08-20 17:30 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 09:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 04:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 04:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-20 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-01-26 1753192]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2012-06-28 10:28 1250328 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 18:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-06-09 01:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SeaPort"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"N360"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SolidWorks Corp\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/1/2012 4:02 PM 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 5:14 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 5:14 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121005.002\BHDrvx86.sys [10/5/2012 1:23 PM 995488]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 5:14 PM 136312]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/3/2010 5:06 PM 12184]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 5:14 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/15/2012 5:07 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121027.002\IDSXpx86.sys [10/29/2012 9:44 PM 373728]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;"c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe" -nodaemon -k runservice --> c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [?]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 1:30 PM 79168]
S3 cpuz130;cpuz130;\??\c:\docume~1\Dell\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Dell\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [6/15/2010 8:14 AM 87336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 9:01 AM 2799808]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe --> c:\program files\PCPitstop\PCPitstopScheduleService.exe [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/1/2012 4:01 PM 365280]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg6.mail.yahoo.com/neo/launch?.rand=1s6i6lb3sl6a4
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: monster.com\my
Trusted Zone: monster.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 07:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,94,4d,44,d4,cf,d2,41,af,e0,d3,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,94,4d,44,d4,cf,d2,41,af,e0,d3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-11-09 07:58:26
ComboFix-quarantined-files.txt 2012-11-09 12:58
.
Pre-Run: 48,748,974,080 bytes free
Post-Run: 48,887,181,312 bytes free
.
- - End Of File - - 02E4CB811DC312FA321FCEB3E46324AE

#6 sempai


Posted 10 November 2012 - 10:13 AM

Hi,


Step 1: Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\Dc1.exe
    c:\windows\system32\sfcfiles.dll

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 2: Please download SystemLook from jpshortstuff and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Double-click the SystemLook and copy-paste the following into the box
    :filefind
    sfcfiles.dll
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply

~Semp



#7 rjpittsley


Posted 10 November 2012 - 02:40 PM

VirSCAN would not execute the re-scan for 'sfcfiles.dll'.

VirSCAN.org Scanned Report :
Scanned time : 2012/11/10 13:35:45 (EST)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name : Dc1.exe
File Size : 431320 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 582b46f0662c5eb8b545ebacfa0abb83
SHA1 : daaf624b7eabf3fa8c5fee6f63d4749b9d4e2c0e
Online report : http://r.virscan.org/038d2fbd8f8d15ae8ccb4660e08f1caf

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20121110184019 2012-11-10 11.81 -
AhnLab V3 2012.11.11.00 2012.11.11 2012-11-11 3.45 -
AntiVir 8.2.10.150 7.11.41.132 2012-09-01 0.20 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.29 -
Arcavir 2011 201211091422 2012-11-09 3.13 -
Authentium 5.1.1 201209090949 2012-09-09 1.57 -
AVAST! 4.7.4 121110-1 2012-11-10 0.25 -
AVG 12.0.1794 2441/5385 2012-11-09 0.28 -
BitDefender 7.90123.7883984 7.43964 2012-11-10 4.45 -
ClamAV 0.97.5 15560 2012-11-10 0.69 -
Comodo 5.1 14158 2012-11-10 2.90 -
CP Secure 1.3.0.5 2012.11.11 2012-11-11 0.25 -
Dr.Web 7.0.4.9250 2012.11.10 2012-11-10 15.99 -
F-Prot 4.6.2.117 20121109 2012-11-09 1.01 -
F-Secure 7.02.73807 2012.11.10.05 2012-11-10 0.24 -
Fortinet 4.3.392 16.549 2012-11-11 0.14 -
GData 22.6660 20121110 2012-11-10 8.34 -
ViRobot 20121109 2012.11.09 2012-11-09 0.40 -
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 0.94 -
JiangMin 13.0.900 2012.11.10 2012-11-10 3.22 -
Kaspersky 5.5.10 2012.10.16 2012-10-16 0.39 -
KingSoft 2009.2.5.15 2012.11.10.9 2012-11-10 1.40 -
McAfee 5400.1158 6891 2012-11-09 9.71 -
Microsoft 1.8904 2012.11.10 2012-11-10 5.32 -
NOD32 3.0.21 7678 2012-11-09 0.24 a variant of Win32/BSDownloader application
Norman 6.8.3 201208311030 2012-08-31 0.00 -
Panda 9.05.01 2012.11.10 2012-11-10 3.22 -
Trend Micro 9.500-1005 9.518.03 2012-11-10 0.20 -
Quick Heal 11.00 2012.11.10 2012-11-10 1.38 -
Rising 20.0 24.35.03.03 2012-11-08 3.60 -
Sophos 3.35.1 4.81 2012-11-10 5.16 -
Sunbelt 3.9.2552.2 13914 2012-11-09 1.05 -
Symantec 1.3.0.24 20121109.004 2012-11-09 0.41 -
nProtect 20121109.01 12506028 2012-11-09 1.90 -
The Hacker 6.8.0.0 v00127 2012-11-09 0.79 -
VBA32 3.12.18.3 20121109.0532 2012-11-09 3.83 -
VirusBuster 5.5.2.13 15.0.251.0/102373992012-11-09 0.23 -


SystemLook 30.07.11 by jpshortstuff
Log created at 13:43 on 10/11/2012 by Dell
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:31 20/08/2008] [17:31 20/08/2008] 362BC5AF8EAF712832C58CC13AE05750

-= EOF =-
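
Added example, not part of the original posts: a short Python script that parses the three log formats posted in this thread (ComboFix, VirSCAN, SystemLook) and checks that the file each later tool examined has the same size and MD5 that ComboFix recorded. The function names and verdict strings are hypothetical, and the regular expressions are inferred only from the log lines shown above.

```python
import re

# Lines copied from the ComboFix, VirSCAN and SystemLook logs posted in this thread.
COMBOFIX = r"""
2012-11-02 21:11 . 2012-10-30 16:04 431320 ----a-w- C:\Dc1.exe
2012-11-01 22:25 . 2012-09-29 23:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
[-] 2008-08-20 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"""
VIRSCAN = """
File Name : Dc1.exe
File Size : 431320 byte
MD5 : 582b46f0662c5eb8b545ebacfa0abb83
"""
SYSTEMLOOK = r"""
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [17:31 20/08/2008] [17:31 20/08/2008] 362BC5AF8EAF712832C58CC13AE05750
"""

# Patterns inferred from the lines above (an assumption, not a documented format).
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\d+) \S{8} (.+)$")
SIGCHECK_RE = re.compile(r"^\[.\] \S+ \. ([0-9A-Fa-f]{32}) \. (\d+) \. .* \. (.+)$")
SYSTEMLOOK_RE = re.compile(r"^(\S:\\.+?) \S{7} (\d+) bytes \[[^\]]+\] \[[^\]]+\] ([0-9A-Fa-f]{32})$")
VIRSCAN_RE = re.compile(r"^(File Name|File Size|MD5) : (\S+)")


def record(path, name, size, md5):
    """Normalise one file entry so entries from different tools compare equal."""
    base = (path or name).rsplit("\\", 1)[-1].lower()
    return {"path": path.lower() if path else None, "name": base,
            "size": int(size), "md5": md5.lower() if md5 else None}


def parse_combofix(text):
    """File entries from 'Files Created'/'Find3M' lines and 'Sigcheck' lines."""
    out = []
    for line in map(str.strip, text.splitlines()):
        if m := CREATED_RE.match(line):      # directories (size '--------') do not match
            out.append(record(m.group(2), None, m.group(1), None))
        elif m := SIGCHECK_RE.match(line):
            out.append(record(m.group(3), None, m.group(2), m.group(1)))
    return out


def parse_systemlook(text):
    """File entries from a SystemLook ':filefind' result."""
    hits = (SYSTEMLOOK_RE.match(l.strip()) for l in text.splitlines())
    return [record(m.group(1), None, m.group(2), m.group(3)) for m in hits if m]


def parse_virscan(text):
    """The single uploaded file described by a VirSCAN report header."""
    fields = dict(m.groups() for l in text.splitlines() if (m := VIRSCAN_RE.match(l.strip())))
    if {"File Name", "File Size", "MD5"} <= fields.keys():
        return [record(None, fields["File Name"], fields["File Size"], fields["MD5"])]
    return []


def cross_check(reference, other):
    """Compare each entry in `other` with the reference (ComboFix) entries.

    Entries are matched on full path when the tool reports one, otherwise on
    file name only (VirSCAN gives just the name of the upload).
    """
    results = {}
    for rec in other:
        key = "path" if rec["path"] else "name"
        hits = [r for r in reference if r[key] == rec[key]]
        if not hits:
            verdict = "not in reference log"
        elif any(r["size"] != rec["size"] for r in hits):
            verdict = "size mismatch"
        elif any(r["md5"] and r["md5"] != rec["md5"] for r in hits):
            verdict = "md5 mismatch"
        else:
            verdict = "consistent"
        results[rec["name"]] = verdict
    return results


if __name__ == "__main__":
    reference = parse_combofix(COMBOFIX)
    print(cross_check(reference, parse_virscan(VIRSCAN)))
    print(cross_check(reference, parse_systemlook(SYSTEMLOOK)))
```

ComboFix lists no hash for C:\Dc1.exe, so that entry can only be confirmed by name and size; sfcfiles.dll is confirmed by path, size and MD5.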

#8 sempai


Posted 11 November 2012 - 02:18 AM

OK thanks, anyway how's the computer running?


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp



#9 rjpittsley


Posted 11 November 2012 - 10:26 AM

I still cannot connect to the internet (no network connections) and still have a blank device manager. Browsers partially open (blank) and close almost immediately. I cannot start most of my applications.

I'm going to get a boot disc for the COA XP from Dell. If that doesn't fix things, I will just format the hard drive and rebuild.

Thanks for getting me this far, though! Bob

#10 sempai


Posted 12 November 2012 - 07:21 AM

Thank you for letting me know. :)

~Semp



#11 sempai


Posted 12 November 2012 - 07:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Semp





