trojan.vundo -- most recent, detected 12/20/12, quarantined


This topic is locked
39 replies to this topic

#1 nowizard

Posted 29 December 2012 - 03:13 PM

Directed to come here from "Am I infected? ..." (boopme, global moderator)

OTHER Detection Info:
Win32 (Quarantined)
PUPs MyWebSearch
XP Internet Security 2012 (found on two networked PCs)

The following inputs are listed in AVAST Quarantine Log File:
Label_FedEx_Print_document.zip (I think Win32 was associated with this one)
Label_Parcel_USPS_13_114.exe
46469.htm (two entries, April & July 2012)
475314.pdf (two entries, April & July 2012)
5152297.htm (two entries, April & July 2012)

COPIED FROM ORIGINAL POSTS as instructed:

Posted 12/16/12
WHAT I WAS DOING: Preparing to install a new printer by first uninstalling the old printer and all associated software (and other unused programs).

FIRST PROBLEM ENCOUNTERED: Software uninstallers failed. Unable to remove programs.
OTHER PROBLEMS: CD/DVD drive doesn't always work. Unable to access "All Users" folders. I am the only administrator/user of this PC.
OTHER OBSERVATIONS: Network wizard is remembering an old network name. Folders are set to remember settings but they don't. Not all features of programs are working. Defrag reported some files could not be defragged but report did not list file names. KB977914 failed

WHAT I'VE DONE SO FAR:
Ran disk clean up and defrag.
Ran "Check System Compatibility" feature from XP OP disk (all OK)
Uninstalled SP3 - In retrospect, I believe I should have never done this. Note: Original OP disk includes SP2.
Ran sfc /scannow and chkdsk

RESULTS:
sfc /scannow -- "Files that are required for Windows to run properly must be copied to the DLL Cache."
chkdsk -- recovered lost files, corrected errors in the volume bitmap, found problems with the file system (Ran chkdsk /f)

At this point I reran sfc /scannow and it produced the same results as noted above (DLL missing). Inserted OP disk and received:
"The option to upgrade will not be available at this time because set-up was unable to load the file D:/i386/WINNTUPG/NETUPGRD.DLL. Error performing in page operation."


MY SYSTEM:
Dell Vostro 200
Microsoft Windows XP Home Edition v2002
Service Pack 2 (NOTE: was SP3)

Avast running. Other installed programs: Spybot, Malwarebytes, HJT, CCleaner, Mini toolbox, FSS



Posted 12/20/12

1) attempted to reinstall SP3 ---> it FAILS when it reaches the need to copy Beethovens symphony No. 9.wma. My administrative rights have been altered as I am now unable to access the ALL USERS folder. Did the uninstalling of SP3 affect the original SP2 files, therefore creating the sfc /scannow and chkdsk results?

2) Ran Malwarebytes and it found multiple PUPs for MyWebSearch and 1 trojan (Vundo). Per report all were fixed successfully. All Users folder is still inaccessible. I'M THINKING MY REGISTRY NEEDS A GOOD LOOKING AT. Who can do this?

3) wlanapi.dll is missing. needed for one known program (Kies, cell phone to PC connection)

How important is WINNTUPG/NETUPGRD.DLL? Do I need to copy all of the i386 folder from CD (WINXP, SP2) and replace the one on PC?

I'm no expert for sure, but I'm really believing the many nuisance problems are all related to registry entries being incorrect or corrupted; and further believing there is a simpler fix than reinstalling the OP system. The system is working quite well other than a few buggy issues.

DDS.txt

#2 m0le (Malware Response Team)

Posted 01 January 2013 - 07:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 nowizard (Topic Starter)

Posted 02 January 2013 - 11:23 AM

Yes, I am subscribed and watching this topic.

I was not aware of this ... "Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible."
UNTIL just now.

I have uninstalled one program (Kies) since posting the DDS logs. Not sure about automatic updates.

Would you like me to rerun DDS and post the new results? Should I disable all automatic updates? (i.e. Java, Microsoft, Flash, Avast)

Thanks for assisting me!

#4 m0le (Malware Response Team)

Posted 02 January 2013 - 08:20 PM

That's no problem, thanks for letting me know about the installation.

Please run aswMBR and we'll check for rootkits.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 nowizard (Topic Starter)

Posted 03 January 2013 - 01:17 PM

aswMBR log as requested...

EDIT to post: a post I just read suggested that all anti-virus and malware programs should be disabled before running aswMBR. Is that true? If so, I did not. Do I need to rerun/repost?


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-03 12:52:50
-----------------------------
12:52:50.734 OS Version: Windows 5.1.2600 Service Pack 2
12:52:50.734 Number of processors: 2 586 0xF0D
12:52:50.734 ComputerName: MINX-OFFICE UserName: Michelle
12:52:51.984 Initialize success
12:52:55.640 AVAST engine defs: 13010300
12:53:40.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:53:40.515 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OAB3A Size: 152587MB BusType: 3
12:53:40.546 Disk 0 MBR read successfully
12:53:40.546 Disk 0 MBR scan
12:53:40.546 Disk 0 Windows XP default MBR code
12:53:40.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:53:40.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390
12:53:40.562 Disk 0 scanning sectors +312496380
12:53:40.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:53:48.921 Service scanning
12:54:08.312 Modules scanning
12:54:49.625 Disk 0 trace - called modules:
12:54:49.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:54:49.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a775ab8]
12:54:49.656 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000062[0x8a74cf18]
12:54:49.656 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a777d98]
12:54:50.156 AVAST engine scan C:\WINDOWS
12:55:05.593 AVAST engine scan C:\WINDOWS\system32
12:57:55.531 AVAST engine scan C:\WINDOWS\system32\drivers
12:58:11.703 AVAST engine scan C:\Documents and Settings\Michelle
13:02:23.812 AVAST engine scan C:\Documents and Settings\All Users
13:07:38.843 Scan finished successfully
13:11:05.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michelle\Desktop\Bleeping LOGS\MBR.dat"
13:11:05.468 The log file has been saved successfully to "C:\Documents and Settings\Michelle\Desktop\Bleeping LOGS\aswMBR.txt"

Edited by nowizard, 03 January 2013 - 02:22 PM.
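
What the aswMBR log above tells a malware responder can be checked mechanically rather than by eye. The script below is an added example for this page, not part of the thread and not part of aswMBR: it parses the lines quoted in the post (the thread's own log) and applies the usual checks: the MBR verdict, the partition table (exactly one active partition, no overlaps, no large unallocated tail where a bootkit such as TDL4 keeps its hidden file system) and the disk I/O call chain (any driver that is not part of the normal XP storage stack). The allowlist of storage drivers, the 8 MB tail threshold and the second, tampered-looking log are assumptions constructed for the example; the wording of that log's MBR line is invented and is not real aswMBR output.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the aswMBR log posted in the thread (only the lines the checks need).
ASWMBR_LOG_FROM_THREAD = r"""
12:52:50.734 OS Version: Windows 5.1.2600 Service Pack 2
12:53:40.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:53:40.515 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OAB3A Size: 152587MB BusType: 3
12:53:40.546 Disk 0 MBR read successfully
12:53:40.546 Disk 0 MBR scan
12:53:40.546 Disk 0 Windows XP default MBR code
12:53:40.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:53:40.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390
12:53:40.562 Disk 0 scanning sectors +312496380
12:54:49.625 Disk 0 trace - called modules:
12:54:49.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:54:49.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a775ab8]
12:54:49.656 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000062[0x8a74cf18]
12:54:49.656 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a777d98]
13:07:38.843 Scan finished successfully
"""

# Constructed variant (NOT from the thread) showing what the checks are for: the MBR
# line no longer says "default", about 586 MB after the last partition is unallocated,
# and a driver with no business in the storage stack sits in the call chain.
# The MBR line wording here is made up for the example, not copied from aswMBR.
TAMPERED_LOG_CONSTRUCTED = r"""
12:53:40.515 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OAB3A Size: 152587MB BusType: 3
12:53:40.546 Disk 0 MBR read successfully
12:53:40.546 Disk 0 non-standard MBR code
12:53:40.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152000 MB offset 63
12:54:49.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS xyzfilt.sys
"""

# Modules normally present in the disk I/O call chain of an XP machine with an IDE/ATAPI
# boot disk. This allowlist is an assumption made for the example; a module outside it
# deserves a closer look but is not by itself proof of a rootkit hook.
KNOWN_STORAGE_MODULES = {
    "ntkrnlpa.exe", "ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "acpi.sys", "atapi.sys", "pciide.sys", "pciidex.sys", "ataport.sys", "intelide.sys",
}
SECTORS_PER_MB = 2048            # 512-byte sectors
TRAILING_SLACK_SECTORS = 16384   # tolerate up to 8 MB of unallocated tail (assumed threshold)


@dataclass
class Partition:
    number: int
    active: bool
    type_id: str
    label: str
    size_mb: int
    offset: int          # first sector


@dataclass
class DiskReport:
    size_mb: int = 0
    mbr_status: str = ""
    partitions: list = field(default_factory=list)
    trace_modules: list = field(default_factory=list)


_TS = r"^\d\d:\d\d:\d\d\.\d+\s+"
RE_VENDOR = re.compile(_TS + r"Disk \d+ Vendor: .*?Size: (\d+)MB")
RE_MBR = re.compile(_TS + r"Disk \d+ (.*MBR code.*)$")
RE_PART = re.compile(_TS + r"Disk \d+ Partition (\d+) ([0-9A-F]{2}) (\(A\) )?([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$")
RE_TRACE = re.compile(_TS + r"((?:\S+\.(?:exe|sys|dll)\s*)+)$", re.IGNORECASE)


def parse_aswmbr(log: str) -> DiskReport:
    """Pull disk size, MBR verdict, partition table and I/O call chain out of an aswMBR log."""
    rep = DiskReport()
    for line in log.splitlines():
        if m := RE_VENDOR.match(line):
            rep.size_mb = int(m.group(1))
        elif m := RE_MBR.match(line):
            rep.mbr_status = m.group(1)
        elif m := RE_PART.match(line):
            rep.partitions.append(Partition(
                number=int(m.group(1)), active=m.group(3) is not None, type_id=m.group(4),
                label=m.group(5).strip(), size_mb=int(m.group(6)), offset=int(m.group(7))))
        elif m := RE_TRACE.match(line):
            rep.trace_modules = m.group(1).split()
    return rep


def analyze(rep: DiskReport) -> list:
    """Return a list of findings; an empty list means nothing in the log looked off."""
    findings = []
    if "default MBR code" not in rep.mbr_status:
        findings.append(f"MBR: boot code not reported as default ({rep.mbr_status or 'no MBR line'})")
    active = [p for p in rep.partitions if p.active]
    if len(active) != 1:
        findings.append(f"partition table: expected one active partition, found {len(active)}")
    # Consecutive partitions must not overlap. Sizes are rounded to whole MB in the log,
    # so one MB of slack is allowed before calling it an overlap.
    for prev, cur in zip(rep.partitions, rep.partitions[1:]):
        if cur.offset < prev.offset + (prev.size_mb - 1) * SECTORS_PER_MB:
            findings.append(f"partition {cur.number} starts inside partition {prev.number}")
    # Space after the last partition is where bootkits such as TDL4 keep their hidden
    # file system; a few MB of alignment leftover is normal, hundreds of MB is not.
    if rep.partitions and rep.size_mb:
        last = rep.partitions[-1]
        trailing = rep.size_mb * SECTORS_PER_MB - (last.offset + last.size_mb * SECTORS_PER_MB)
        if trailing > TRAILING_SLACK_SECTORS:
            findings.append(f"{trailing} unallocated sectors ({trailing // SECTORS_PER_MB} MB) after the last partition")
    unknown = [m for m in rep.trace_modules if m.lower() not in KNOWN_STORAGE_MODULES]
    if unknown:
        findings.append("unexpected module(s) in the disk I/O call chain: " + ", ".join(unknown))
    return findings


if __name__ == "__main__":
    for name, log in (("thread log", ASWMBR_LOG_FROM_THREAD), ("constructed log", TAMPERED_LOG_CONSTRUCTED)):
        found = analyze(parse_aswmbr(log))
        print(f"{name}: {'clean' if not found else ''}")
        for f in found:
            print("  -", f)
```

Run as a script it reports the thread's log as clean (default XP boot code, one active NTFS partition, a tail of under 1 MB, only stock storage drivers in the trace) and three findings for the constructed log. The trace check matters because an MBR rootkit hooks the disk driver chain, so its module would appear in that list between the class driver and the port driver, which is exactly what aswMBR's "trace - called modules" output is meant to expose.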


#6 m0le (Malware Response Team)

Posted 03 January 2013 - 07:47 PM

You don't need to rerun aswMBR, that's fine.

Please run Combofix next

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot omitted]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot omitted]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.
m0le is a proud member of UNITE

#7 nowizard (Topic Starter)


Posted 03 January 2013 - 11:04 PM

Appreciate your help m0le. I do have the original OP discs should they ever be needed.

Combofix ran smoothly. Did not have to reboot at any time. Recovery Console was not found on the system or it was outdated, so naturally it was downloaded. Log follows...

ComboFix 13-01-03.05 - Michelle 01/03/2013 22:44:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2037.1251 [GMT -5:00]
Running from: c:\documents and settings\Michelle\Desktop\Bleeping DOWNLOADS\comfix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2390e056-e2db-44ed-91a5-5ca43aefea83.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\SET53E.tmp
c:\windows\system32\_004639_.tmp.dll
c:\windows\system32\_004640_.tmp.dll
c:\windows\system32\_004641_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_004649_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004651_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004654_.tmp.dll
c:\windows\system32\_004657_.tmp.dll
c:\windows\system32\_004658_.tmp.dll
c:\windows\system32\_004660_.tmp.dll
c:\windows\system32\_004661_.tmp.dll
c:\windows\system32\_004662_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004667_.tmp.dll
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004673_.tmp.dll
c:\windows\system32\_004675_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004682_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004686_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004695_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\SET1117.tmp
c:\windows\system32\SET1118.tmp
c:\windows\system32\SET111D.tmp
c:\windows\system32\SET111E.tmp
c:\windows\system32\SET1122.tmp
c:\windows\system32\SET1126.tmp
c:\windows\system32\SET112D.tmp
c:\windows\system32\SET1155.tmp
c:\windows\system32\SET1179.tmp
c:\windows\system32\SET117F.tmp
c:\windows\system32\SET1198.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21B.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23E.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET241.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET250.tmp
c:\windows\system32\SET251.tmp
c:\windows\system32\SET252.tmp
c:\windows\system32\SET255.tmp
c:\windows\system32\SET257.tmp
c:\windows\system32\SET259.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET262.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET274.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET27A.tmp
c:\windows\system32\SET27D.tmp
c:\windows\system32\SET280.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET288.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET29F.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CE.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E5.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET333.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET337.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33D.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET341.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET345.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET35D.tmp
c:\windows\system32\SET35E.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET368.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET37B.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3AC.tmp
c:\windows\system32\SET3AD.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3B7.tmp
c:\windows\system32\SET3B8.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET3D7.tmp
c:\windows\system32\SET3DA.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET402.tmp
c:\windows\system32\SET406.tmp
c:\windows\system32\SET408.tmp
c:\windows\system32\SET40A.tmp
c:\windows\system32\SET410.tmp
c:\windows\system32\SET411.tmp
c:\windows\system32\SET414.tmp
c:\windows\system32\SET419.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET42B.tmp
c:\windows\system32\SET42C.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET432.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET43D.tmp
c:\windows\system32\SET440.tmp
c:\windows\system32\SET442.tmp
c:\windows\system32\SET448.tmp
c:\windows\system32\SET452.tmp
c:\windows\system32\SET458.tmp
c:\windows\system32\SET459.tmp
c:\windows\system32\SET45B.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET465.tmp
c:\windows\system32\SET469.tmp
c:\windows\system32\SET46E.tmp
c:\windows\system32\SET474.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET4AA.tmp
c:\windows\system32\SET4AD.tmp
c:\windows\system32\SET4B2.tmp
c:\windows\system32\SET4B4.tmp
c:\windows\system32\SET4B9.tmp
c:\windows\system32\SET4BB.tmp
c:\windows\system32\SET4BC.tmp
c:\windows\system32\SET4BD.tmp
c:\windows\system32\SET4BF.tmp
c:\windows\system32\SET4C0.tmp
c:\windows\system32\SET4C1.tmp
c:\windows\system32\SET4C2.tmp
c:\windows\system32\SET4C4.tmp
c:\windows\system32\SET4C6.tmp
c:\windows\system32\SET4C7.tmp
c:\windows\system32\SET4C8.tmp
c:\windows\system32\SET4CB.tmp
c:\windows\system32\SET4CD.tmp
c:\windows\system32\SET4D2.tmp
c:\windows\system32\SET4D3.tmp
c:\windows\system32\SET4DB.tmp
c:\windows\system32\SET4E2.tmp
c:\windows\system32\SET4E7.tmp
c:\windows\system32\SET4EB.tmp
c:\windows\system32\SET4EE.tmp
c:\windows\system32\SET4F0.tmp
c:\windows\system32\SET4F4.tmp
c:\windows\system32\SET4F6.tmp
c:\windows\system32\SET4F7.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET4FC.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET501.tmp
c:\windows\system32\SET502.tmp
c:\windows\system32\SET50B.tmp
c:\windows\system32\SET50E.tmp
c:\windows\system32\SET512.tmp
c:\windows\system32\SET514.tmp
c:\windows\system32\SET516.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2012-12-29 16:58 . 2012-12-29 18:35 -------- d-----w- c:\windows\system32\NtmsData
2012-12-27 20:58 . 2012-12-27 20:58 -------- d-----w- c:\documents and settings\Michelle\Application Data\Leadertech
2012-12-27 20:38 . 2012-12-27 20:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Epson
2012-12-27 20:33 . 2011-04-19 08:03 95232 ----a-w- c:\windows\system32\E_TLBIUE.DLL
2012-12-27 20:33 . 2011-03-14 08:03 81408 ----a-w- c:\windows\system32\E_TD4BIUE.DLL
2012-12-27 20:33 . 2007-04-10 06:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-12-27 20:32 . 2012-12-27 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2012-12-24 01:45 . 2012-12-24 01:46 -------- d-----w- c:\program files\Speccy
2012-12-20 19:08 . 2012-12-20 19:08 -------- d-----w- c:\documents and settings\Michelle\Application Data\Windows Search
2012-12-19 15:24 . 2012-12-19 15:24 -------- d-----w- c:\documents and settings\Michelle\Application Data\Windows Desktop Search
2012-12-19 15:24 . 2012-12-19 15:24 -------- d-----w- c:\windows\system32\GroupPolicy
2012-12-18 16:28 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\dllcache\msadcer.dll
2012-12-10 01:51 . 2012-12-10 01:51 45056 ------r- c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-12-10 01:51 . 2012-12-10 01:51 -------- d-----w- c:\windows\system32\vmm32
2012-12-10 01:28 . 2004-08-04 03:41 1041536 ----a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2012-12-10 01:28 . 2004-08-04 03:41 685056 ----a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2012-12-10 01:28 . 2004-08-04 03:41 220032 ----a-w- c:\windows\system32\dllcache\hsfbs2s2.sys
2012-12-09 21:00 . 2008-04-14 00:12 218112 ----a-w- c:\windows\system32\wbem\SET573.tmp
2012-12-09 20:59 . 2008-04-14 00:12 65536 ----a-w- c:\program files\Common Files\System\Ole DB\SET553.tmp
2012-12-09 20:46 . 2012-12-18 17:22 -------- d-----w- c:\windows\system32\CatRoot_bak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 13:20 . 2012-07-23 14:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:20 . 2012-07-23 14:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 23:51 . 2011-06-06 12:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2009-10-22 03:23 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2009-10-22 03:23 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2009-10-22 03:23 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2009-10-22 03:23 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2009-10-22 03:23 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2009-10-22 03:23 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2009-10-22 03:23 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2010-09-29 16:49 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2009-10-22 03:22 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-29 17:10 . 2012-11-26 14:44 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-10-29 17:09 . 2012-10-29 17:09 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-10-29 17:09 . 2012-10-29 17:09 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-10-29 17:09 . 2012-10-29 17:09 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-10-29 17:09 . 2012-10-29 17:09 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-10-29 17:09 . 2012-10-29 17:09 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-10-29 17:09 . 2012-10-29 17:09 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-10-29 17:09 . 2012-10-29 17:09 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-10-29 17:09 . 2012-10-29 17:09 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-10-29 17:09 . 2012-10-29 17:09 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-10-29 17:09 . 2012-10-29 17:09 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-10-29 17:09 . 2012-10-29 17:09 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-10-29 17:09 . 2012-10-29 17:09 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-10-29 17:09 . 2012-10-29 17:09 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-10-29 17:09 . 2012-10-29 17:09 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-10-29 17:09 . 2012-10-29 17:09 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-10-29 17:09 . 2012-10-29 17:09 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-10-29 17:09 . 2012-10-29 17:09 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-10-29 17:09 . 2012-10-29 17:09 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-10-29 17:09 . 2012-10-29 17:09 155648 ----a-w- c:\windows\system32\MSFLib.dll
2008-04-03 00:42 . 2008-04-03 00:42 6039144 -c----w- c:\program files\Firefox Setup 2.0.0.13.exe
2012-12-06 03:05 . 2012-12-06 03:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000001"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE" [2012-02-27 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-06-15 53248]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2005-06-15 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/6/2011 7:18 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/21/2009 10:23 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/21/2009 10:23 PM 21256]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [12/27/2012 3:34 PM 122000]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [6/12/2011 3:54 PM 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [6/12/2011 3:54 PM 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [6/12/2011 3:54 PM 161040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 13:20]
.
2013-01-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 23:50]
.
2012-11-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-11-29 23:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080229
IE: Add to Windows &Live Favorites
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
FF - ProfilePath - c:\documents and settings\Michelle\Application Data\Mozilla\Firefox\Profiles\c336w73w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-KiesPreload - c:\program files\Samsung\Kies\Kies.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
HKLM-Run-atr.exe - (no file)
HKLM-Run-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
Notify-dimsntfy - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-03 22:51
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-01-03 22:54:31
ComboFix-quarantined-files.txt 2013-01-04 03:54
.
Pre-Run: 117,545,680,896 bytes free
Post-Run: 117,607,026,688 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F0CAAC7B54D9DA82E5A1820500A451D0

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:11 AM

Posted 04 January 2013 - 09:39 PM

Please now run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
m0le is a proud member of UNITE

#9 nowizard

nowizard
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 AM

Posted 04 January 2013 - 11:49 PM

Thank you for the continued help!

Rebooting after Combofix was run, I noticed the icons in the sys tray took longer than normal to appear. Avast did not appear until I pulled up the program through "Start". Will do a restart in the morning and let you know if there is any change there.

ESET did not generate a log automatically. The information below was retrieved through C:\Program Files\ESET\ESET Online Scanner\log.txt.

I did not check either of the two boxes at scan completion. "Uninstall App on Close" or "Delete Quarantined files"
Should I have?

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=7fd018378d5f314aab82736decb2272b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-05 04:33:00
# local_time=2013-01-04 11:33:00 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# scanned=113918
# found=1
# cleaned=1
# scan_time=4945
C:\Documents and Settings\Michelle\Downloaded Programs\09-06 Jun\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 3B2D8EB932B27540AEB58082F005547E83991B6D C

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:11 AM

Posted 05 January 2013 - 05:45 AM

I did not check either of the two boxes at scan completion. "Uninstall App on Close" or "Delete Quarantined files"
Should I have?


No, you did that fine. Just one piece of adware there. The reboot should take care of any other issues so let me know when you've done that.
m0le is a proud member of UNITE

#11 nowizard

nowizard
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 AM

Posted 05 January 2013 - 08:40 AM

Restart, this morning, was what I'd consider to be normal (acceptable speed between icons appearing). The AVAST icon, however, did not appear until after accessing the program through the "start" menu.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:11 AM

Posted 05 January 2013 - 07:59 PM

Possibly it was targeted by the malware and the startup has been damaged. Reinstall the program and that should solve it.

Any other issues?
m0le is a proud member of UNITE

#13 nowizard

nowizard
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 AM

Posted 06 January 2013 - 12:01 AM

When I returned home this evening I was unable to connect to the internet. I rebooted and after the BIOS screen went off a black screen momentarily appeared ... all I caught was the words "Please select..." The blue welcome screen hung for close to a minute and items along the task bar were slow to complete their visibility. I still had no internet connection and the AVAST icon didn't appear.

My daughter also noted she had service intermittently throughout the day while using her Galaxy Player to connect to the WiFi. I then powered down my system (PC, modem & router) thinking the problem may just have been with my ISP. Upon start-up I again received the black screen, but for a longer period. Able to catch the entire first line "Please select your OP system." It did continue to move onward without any prompts by me. Avast icon appeared this time.

I also noted an IE icon now appears on my desktop, but was not there prior to running the ESET scan.

As for further problems, especially those noted in the first post, I'm unable to answer those as of yet. It's late now, so will attempt the following in the morning.

1) reinstall SP3
2) try to uninstall the programs of desire hoping the uninstaller features work
3) will run sfc /scannow to see if I get the same prompt as before (Files that are required for Windows to run properly must be copied to the DLL cache)
4) will run chkdsk to see if it states there are [still] problems with the file system
5) will test the CD/DVD drive to see if it works consistently. It is able to read blank DVD disks, but will also test to see if it is able to read audio & video disks. I do know it fails more often than not with program disks (i.e. the original XP disks).

Will post my discoveries ...

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:11 AM

Posted 06 January 2013 - 06:53 AM

I also noted an IE icon now appears on my desktop, but was not there prior to running the ESET scan.

It was added by Combofix. It defaults your browser to IE


As for further problems, especially those noted in the first post, I'm unable to answer those as of yet. It's late now, so will attempt the following in the morning.

1) reinstall SP3
2) try to uninstall the programs of desire hoping the uninstaller features work
3) will run sfc /scannow to see if I get the same prompt as before (Files that are required for Windows to run properly must be copied to the DLL cache)
4) will run chkdsk to see if it states there are [still] problems with the file system
5) will test the CD/DVD drive to see if it works consistently. It is able to read blank DVD disks, but will also test to see if it is able to read audio & video disks. I do know it fails more often than not with program disks (i.e. the original XP disks).


:thumbup2:
m0le is a proud member of UNITE

#15 nowizard

nowizard
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 AM

Posted 07 January 2013 - 02:33 PM

The start to the day was not looking good, but it improved.

Start-up received the usual black screen prompting selection of the OP system, but continued on after 30 seconds.

When trying to login here at Bleeping Computer I received the following 2 error messages...
1) You are about to leave a secure internet connection. Do you want to continue?
2) You are about to view pages over a secure connection.

It took four (4) attempts of closing out the windows before I was allowed to reenter my id/password and move forward.

Then I started the tasks as mentioned in my last post.

1) Ran sfc /scannow -- reached the pop-up message "Files that are required for Windows to run properly must be copied to the DLL Cache". Inserted my OP disk. After 9 times of inserting/reinserting the disk, it was finally able to be read. I'm not familiar with the process, so is it safe to assume that the system found the missing DLL and copied it onto my hard drive, given that the scan continued on to completion? Rebooted 2 times since this scan and never received the black screen again.

2) Ran chkdsk (read only) -- I gather all went well here. I looked down for a second while it was running task 3 of 3 and when I looked up the window had closed.

3) Tested the drive with various disks and all failed to read. Just prior to doing this post, however, it was able to read 4 different disks. :thumbup2:

4) Found information on how to regain access to the All Users/Documents folder, thus was able to reinstall SP3 successfully. :thumbsup:

5) 8 other Microsoft updates were also installed. All successful.

6) I uninstalled one program (PC-Cam Center Lite) from Add/Remove programs. That program and several others that were previously uninstalled are no longer in the Add/Remove window, BUT they do still remain in the start menu. How do I remove these programs completely?

Have to close for now and head to work. Will do another reboot when I return to "see" how all is continuing to work. Primarily the drive and loading times...currently takes 1 minute, 55 seconds from power on until I can access the first file/program. IE had taken 25 seconds to load in order to access the SP3 download. Are these times normal?

Will post my findings, if any. Thanks so much for your continued help and insight.

UPDATE @ 6:00 pm: Start-up took 3 minutes. The black screen appeared immediately... never got the normal BIOS, then moved on to the welcome screen, which hung. Noticed the volume control icon no longer appeared in the sys tray. CD/DVD drive continued to work.

Edited by nowizard, 07 January 2013 - 06:09 PM.