probable infection, details unknown, starting new thread with dds logs

This topic is locked
149 replies to this topic
#1 liquidescapes (Members, 84 posts)

Posted 19 July 2013 - 12:03 AM

I have been trying to get a Dell laptop with XP back online; it has not been able to access the internet for a long while. I received great advice from people on here, but we still haven't gotten things figured out. I was asked to start a new thread with DDS logs.

All that we have already tried is in the following thread; if there are any other details that I should provide, please let me know.

http://www.bleepingcomputer.com/forums/t/501132/i-have-a-network-connection-but-server-is-not-found-winsock-problem/page-2#entry3107422

Posting DDS logs below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18241  BrowserJavaVersion: 1.6.0_17
Run by Michele Buscher at 23:57:02 on 2013-07-18
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.494 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MRI_DISABLED - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - LocalServer32 - <no file>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {215cf108-e7eb-4814-a83c-7d0ca7df0688} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - <orphaned>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{77408EB1-A537-4D36-A127-E28F8629FB04} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - <no file>
Notify: WgaLogon - <no file>
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michele buscher\application data\mozilla\firefox\profiles\fq18ul0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-13 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-13 174664]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\michele buscher\desktop\cleaning\emsisoftemergencykit\run\a2ddax86.sys [2013-7-13 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-13 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-13 368944]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [2013-6-18 593408]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 32816]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 xlkfs;xlkfs;c:\windows\system32\drivers\xlkfs.sys [2009-9-14 18432]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-13 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-13 46808]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2013-6-18 4785848]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 adxapie;adxapie;\??\c:\docume~1\michel~1\locals~1\temp\adxapie.sys --> c:\docume~1\michel~1\locals~1\temp\adxapie.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 127192]
S3 RmAx;RMAXUSB;c:\windows\system32\drivers\RmAx.sys [2009-3-4 40502]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-18 19:37:03    --------    d-----w-    c:\program files\Tweaking.com
2013-07-18 09:06:56    --------    d-----w-    c:\documents and settings\michele buscher\application data\JAM Software
2013-07-18 08:54:24    --------    d-----w-    c:\program files\JAM Software
2013-07-18 00:53:02    75264    ----a-w-    c:\windows\system32\drivers\ipsec.sys
2013-07-18 00:53:02    75264    ----a-w-    c:\windows\system32\dllcache\ipsec.sys
2013-07-16 16:31:44    --------    d-----w-    c:\documents and settings\michele buscher\application data\ConverterPlus
2013-07-16 16:31:32    --------    d-----w-    c:\program files\Converter Plus
2013-07-15 03:37:23    19569    ----a-w-    c:\windows\000001_.tmp
2013-07-15 03:10:02    --------    d-----w-    C:\ERDNT
2013-07-13 22:17:04    --------    d-s---w-    c:\documents and settings\all users\application data\Shared Space
2013-07-13 22:14:53    --------    d-----w-    c:\documents and settings\all users\application data\COMODO
2013-07-13 22:13:35    --------    d-----w-    c:\documents and settings\michele buscher\local settings\application data\COMODO
2013-07-13 22:13:18    --------    d-----w-    c:\program files\Comodo
2013-07-13 22:13:10    --------    d-----w-    c:\documents and settings\all users\application data\Comodo Downloader
2013-07-13 21:46:32    --------    d-----w-    c:\documents and settings\michele buscher\application data\SUPERAntiSpyware.com
2013-07-13 21:45:35    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-13 21:45:34    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-07-13 21:42:38    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-07-13 21:39:44    --------    d-----w-    c:\program files\CheckPoint
2013-07-13 21:38:23    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2013-07-13 08:43:00    --------    d-----w-    c:\documents and settings\michele buscher\local settings\application data\privazer
2013-07-13 08:41:01    --------    d-----w-    c:\program files\CCleaner
2013-07-13 07:01:35    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-07-13 07:01:35    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-07-13 06:49:33    21504    ----a-w-    c:\windows\system32\hidserv.dll
2013-07-13 06:49:33    21504    ----a-w-    c:\windows\system32\dllcache\hidserv.dll
2013-07-13 06:49:14    14592    ----a-w-    c:\windows\system32\drivers\kbdhid.sys
2013-07-13 06:49:14    14592    ----a-w-    c:\windows\system32\dllcache\kbdhid.sys
2013-07-13 06:48:16    --------    d-----w-    c:\documents and settings\michele buscher\Doctor Web
2013-07-13 06:38:15    57600    ----a-w-    c:\windows\system32\drivers\redbook.sys
2013-07-13 06:38:15    57600    ----a-w-    c:\windows\system32\dllcache\redbook.sys
2013-07-13 06:32:15    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-13 06:32:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-13 06:25:30    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-07-13 06:25:30    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-13 06:25:29    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-07-13 06:25:28    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-07-13 06:24:33    41664    ----a-w-    c:\windows\avastSS.scr
2013-07-13 06:23:57    --------    d-----w-    c:\program files\AVAST Software
2013-07-13 06:23:03    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-07-13 05:58:02    --------    d-----w-    c:\documents and settings\michele buscher\application data\Wise Uninstaller
.
==================== Find3M  ====================
.
2013-06-18 21:16:24    32816    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 21:16:22    593408    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
2013-06-18 21:16:22    18528    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2013-06-18 21:15:50    35488    ----a-w-    c:\windows\system32\cmdcsr.dll
2013-06-18 21:15:48    348584    ----a-w-    c:\windows\system32\guard32.dll
2013-06-18 21:15:36    40664    ----a-w-    c:\windows\system32\cmdkbd32.dll
2013-06-18 21:15:36    278232    ----a-w-    c:\windows\system32\cmdvrt32.dll
.
============= FINISH:  0:09:21.82 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/28/2006 12:43:20 PM
System Uptime: 7/17/2013 10:25:42 PM (26 hours ago)
.
Motherboard: Dell Inc. |  | 0MD541
Processor:         Intel® Pentium® M processor 1.73GHz | Microprocessor | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 89 GiB total, 26.744 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP827: 7/13/2013 12:59:40 AM - Removed Ad-Aware
RP828: 7/13/2013 1:07:07 AM - Removed AVG 2012
RP829: 7/13/2013 1:08:45 AM - Removed AVG 2012
RP830: 7/13/2013 1:14:44 AM - Removed Symantec AntiVirus
RP831: 7/13/2013 1:23:57 AM - avast! Free Antivirus Setup
RP832: 7/13/2013 2:36:07 PM - Removed BlackBerry Desktop Software 5.0.1.
RP833: 7/13/2013 3:18:51 PM - Restore point
RP834: 7/13/2013 5:38:37 PM - Removed GeekBuddy.
RP835: 7/13/2013 11:25:56 PM - july13
RP836: 7/14/2013 10:37:37 PM - Installed Windows XP Service Pack 3.
RP837: 7/14/2013 10:43:00 PM - Installed Windows XP KB938464.
RP838: 7/15/2013 10:57:02 PM - System Checkpoint
RP839: 7/16/2013 12:18:47 AM - bleepingattempt
RP840: 7/17/2013 12:46:00 AM - System Checkpoint
RP841: 7/18/2013 1:04:54 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Ahead Nero Burning ROM
ALPS Touch Pad Driver
AOLIcon
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Barbie® Pet Rescue
Bonjour
Broadcom Management Programs 2
BufferChm
Canon MP190 series MP Drivers
CCleaner
COMODO Firewall
Conexant D110 MDC V.92 Modem
Converter Plus
Corel Business Applications
CustomerResearchQFolder
D1500
D1500_Help
DAO
DellSupport
Digital Content Portal
Digital Line Detect
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
Easy File Locker 1.2
ELIcon
FastStone Photo Resizer 3.0
GdiplusUpgrade
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.5
HPProductAssistant
HPSSupply
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 17
KidiArt Studio
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Office PowerPoint 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6.23)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
mWlsSafe
mXML
mZConfig
Nations Photo Lab ROES
Nations Photo Lab ROES Easy
Photo Viewer 2.4
PrivaZer
PRS-500 USB driver
PSSWCORE
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Shop for HP Supplies
SmartWebPrintingOC
Socrates Media Product Browser
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware
Toolbox
TreeSize Free V2.7
Tweaking.com - Windows Repair (All in One)
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Mobile® Device Handbook
Works Upgrade
ZoneAlarm Free Firewall
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 5:25:28 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  The system cannot find the file specified.
7/17/2013 5:19:24 PM, error: Service Control Manager [7001]  - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The system cannot find the file specified.
7/17/2013 5:19:14 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 1:19:23 AM, error: Service Control Manager [7001]  - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The system cannot find the file specified.
7/17/2013 1:19:23 AM, error: Service Control Manager [7000]  - The TCP/IP Protocol Driver service failed to start due to the following error:  The system cannot find the file specified.
7/17/2013 1:17:49 AM, error: Service Control Manager [7001]  - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 1:17:44 AM, error: Service Control Manager [7001]  - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:  The system cannot find the file specified.
7/17/2013 1:17:44 AM, error: Service Control Manager [7001]  - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 1:17:44 AM, error: Service Control Manager [7000]  - The IPSEC driver service failed to start due to the following error:  The system cannot find the file specified.
7/17/2013 1:17:42 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AswRdr IPSec Lbd Tcpip TfFsMon TfSysMon
7/17/2013 1:17:36 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 1:55:02 AM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The operation completed successfully.
7/16/2013 1:55:02 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
7/15/2013 9:38:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
7/15/2013 9:38:04 PM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/15/2013 9:37:54 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/14/2013 10:58:26 PM, error: Service Control Manager [7003]  - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
7/14/2013 10:58:26 PM, error: Service Control Manager [7001]  - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
7/14/2013 10:54:13 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/14/2013 10:49:27 PM, error: Service Control Manager [7001]  - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
7/14/2013 10:49:25 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AswRdr Lbd Tcpip TfFsMon TfSysMon
7/14/2013 10:49:25 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  The system cannot find the file specified.
7/14/2013 10:49:25 PM, error: Service Control Manager [7003]  - The IPSEC Services service depends on the following nonexistent service: IPSec
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The WLANKEEPER service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The Spectrum24 Event Monitor service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/14/2013 10:49:00 PM, error: NetBT [4311]  - Initialization failed because the driver device could not be created.
.
==== End Of File ===========================
I have transferred avast and several antimalwares onto this computer; avast found a ton of stuff, trojans and rootkits, and the others found a few. I also put Comodo Firewall on it, hopefully to prevent things from getting any worse.

I don't know if this has anything to do with a possible infection, but when I was backing up the files onto a different computer, I tried to open a Corel WordPerfect document, and Comodo told me the following: wpwin7.exe is trying to install global hook wpwin7.exe

I have no idea what a global hook is, but it sounds bad...

Thanks, jb
Edited by hamluis, 19 July 2013 - 07:26 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.
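The attach.txt section of the log above contains the part that actually explains the "server not found" symptom: Service Control Manager events 7000/7001/7003 form a chain (DNS Client and DHCP Client blame the TCP/IP Protocol Driver, which blames the IPSEC driver, which on 7/14 was reported as a nonexistent service), event 7026 lists the boot-start drivers that did not load, and the SERVICES / DRIVERS section flags three S0 entries (Lbd, TfFsMon, TfSysMon) whose image files DDS could not find. The Microsoft Tcpip and IPSec drivers are not listed in that section, so their failure is visible only through the event log. The script below is an added example, not part of the original post and not part of DDS; it parses a constructed excerpt copied from the log above (the DDS_LOG string) and follows the blame chain to its root. All function and variable names are this example's own.

```python
"""Added example (not from the original post or from DDS): pull the network-relevant
facts out of a DDS log and follow the service dependency failures to their root."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log posted above (abridged).
DDS_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-13 49376]
R1 xlkfs;xlkfs;c:\windows\system32\drivers\xlkfs.sys [2009-9-14 18432]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 adxapie;adxapie;\??\c:\docume~1\michel~1\locals~1\temp\adxapie.sys --> c:\docume~1\michel~1\locals~1\temp\adxapie.sys [?]
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 1:19:23 AM, error: Service Control Manager [7001]  - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The system cannot find the file specified.
7/17/2013 1:19:23 AM, error: Service Control Manager [7000]  - The TCP/IP Protocol Driver service failed to start due to the following error:  The system cannot find the file specified.
7/17/2013 1:17:44 AM, error: Service Control Manager [7001]  - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:  The system cannot find the file specified.
7/17/2013 1:17:44 AM, error: Service Control Manager [7000]  - The IPSEC driver service failed to start due to the following error:  The system cannot find the file specified.
7/17/2013 1:17:42 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AswRdr IPSec Lbd Tcpip TfFsMon TfSysMon
7/17/2013 1:17:36 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/14/2013 10:58:26 PM, error: Service Control Manager [7003]  - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/14/2013 10:49:25 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================
"""

# DDS service line: "<start type> <key name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
DEPENDS_RE = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
NONEXIST_RE = re.compile(r"The (.+?) service depends on the following nonexistent service: (\S+)")
BOOTFAIL_RE = re.compile(r"driver\(s\) failed to load:\s+(.+?)\s*$")


def missing_image_drivers(log):
    """Registered services/drivers whose image DDS could not find on disk ('[?]')."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m and line.rstrip().endswith("[?]"):
            start, name, _display, rest = m.groups()
            path = rest.split(" --> ")[-1].rsplit(" [?]", 1)[0]
            found.append((start, name, path))
    return found


def failed_boot_drivers(log):
    """Driver key names from SCM event 7026 (boot/system-start drivers that did not load)."""
    names = set()
    for line in log.splitlines():
        if "[7026]" in line:
            m = BOOTFAIL_RE.search(line)
            if m:
                names.update(m.group(1).split())
    return names


def dependency_graph(log):
    """service -> set of services it blames, from SCM 7001 and 7003 events."""
    blames = defaultdict(set)
    for line in log.splitlines():
        m = DEPENDS_RE.search(line) or NONEXIST_RE.search(line)
        if m:
            blames[m.group(1)].add(m.group(2))
    return blames


def root_causes(log):
    """Services that are blamed by others but blame nothing themselves."""
    graph = dependency_graph(log)
    blamed = set().union(*graph.values()) if graph else set()
    return sorted(s for s in blamed if s not in graph)


def blame_chain(log, service):
    """Breadth-first walk from `service` down the blame graph (e.g. DNS Client -> ... -> IPSec)."""
    graph = dependency_graph(log)
    chain, queue = [service], [service]
    while queue:
        for nxt in sorted(graph.get(queue.pop(0), ())):
            if nxt not in chain:
                chain.append(nxt)
                queue.append(nxt)
    return chain


def stale_boot_entries(log):
    """Entries whose file is missing AND which the kernel reported as failed to load."""
    missing = {name for _, name, _ in missing_image_drivers(log)}
    return sorted(missing & failed_boot_drivers(log))


if __name__ == "__main__":
    for start, name, path in missing_image_drivers(DDS_LOG):
        print(f"{start} {name}: image missing -> {path}")
    print("failed at boot:", sorted(failed_boot_drivers(DDS_LOG)))
    print("stale boot-start entries:", stale_boot_entries(DDS_LOG))
    print("root causes:", root_causes(DDS_LOG))
    print("DNS Client blame chain:", " -> ".join(blame_chain(DDS_LOG, "DNS Client")))
```

Two names come out of the chain, "IPSEC driver" and "IPSec", because event 7001 uses the display name and event 7003 the registry key name; both refer to the same driver. The stale S0 entries (Lbd, TfFsMon, TfSysMon) do not explain the networking failure by themselves, since the kernel simply skips a boot driver whose file is gone, but a boot-start entry pointing at a missing file is exactly the kind of leftover an analyst removes before re-testing, and this check lists them without guessing at their origin.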
#2 HelpBot (Bleepin' Binary Bot, Bots, 12,769 posts)

Posted 24 July 2013 - 12:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/501545 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 liquidescapes (Topic Starter, Members, 84 posts)

Posted 26 July 2013 - 01:50 AM

hello.  i have an older dell laptop with XP on it that has not been able to access the internet for a long time.  i am trying to resolve the issue(s) at this time.  i was being helped by someone on bleepingcomputer in the networking forum, but after a few attempts he referred me to the virus forum.  the following link shows what we did up to this point.

 

 

http://www.bleepingcomputer.com/forums/t/501132/i-have-a-network-connection-but-server-is-not-found-winsock-problem/page-2#entry3107422

Prior to finding BleepingComputer, I had tried to fix the problem myself, through various means which are detailed in the forum post linked above. The computer was telling me there was a Winsock error, so most of what I did pertained to that. The computer finds the wireless network I'm using, but cannot find a server when I try to access a webpage. I downloaded avast and MBAM and a few other things to the XP laptop, and avast in particular found a lot of things, including some rootkits. After 2 boot scans, scans seem to be clean. I also put Comodo Firewall on it, which makes doing these DDS logs quite the chore. Can I/should I disable the firewall during this troubleshooting? I'm posting new DDS logs below.

thanks, jb

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18241  BrowserJavaVersion: 1.6.0_17
Run by Michele Buscher at 1:39:46 on 2013-07-26
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MRI_DISABLED - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - LocalServer32 - <no file>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {215cf108-e7eb-4814-a83c-7d0ca7df0688} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - <orphaned>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{77408EB1-A537-4D36-A127-E28F8629FB04} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - <no file>
Notify: WgaLogon - <no file>
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michele buscher\application data\mozilla\firefox\profiles\fq18ul0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? adxapie;adxapie
R? cmdvirth;COMODO Virtual Service Manager
R? Lbd;Lbd
R? RmAx;RMAXUSB
R? TfFsMon;TfFsMon
R? TfNetMon;TfNetMon
R? TfSysMon;TfSysMon
S? !SASCORE;SAS Core Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? cmdAgent;COMODO Internet Security Helper Service
S? cmderd;COMODO Internet Security Eradication Driver
S? cmdGuard;COMODO Internet Security Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WinDefend;Windows Defender
S? xlkfs;xlkfs
.
=============== Created Last 30 ================
.
2013-07-18 19:37:03    --------    d-----w-    c:\program files\Tweaking.com
2013-07-18 09:06:56    --------    d-----w-    c:\documents and settings\michele buscher\application data\JAM Software
2013-07-18 08:54:24    --------    d-----w-    c:\program files\JAM Software
2013-07-18 00:53:02    75264    ----a-w-    c:\windows\system32\drivers\ipsec.sys
2013-07-18 00:53:02    75264    ----a-w-    c:\windows\system32\dllcache\ipsec.sys
2013-07-16 16:31:44    --------    d-----w-    c:\documents and settings\michele buscher\application data\ConverterPlus
2013-07-15 03:10:02    --------    d-----w-    C:\ERDNT
2013-07-13 22:17:04    --------    d-s---w-    c:\documents and settings\all users\application data\Shared Space
2013-07-13 22:14:53    --------    d-----w-    c:\documents and settings\all users\application data\COMODO
2013-07-13 22:13:35    --------    d-----w-    c:\documents and settings\michele buscher\local settings\application data\COMODO
2013-07-13 22:13:18    --------    d-----w-    c:\program files\Comodo
2013-07-13 22:13:10    --------    d-----w-    c:\documents and settings\all users\application data\Comodo Downloader
2013-07-13 21:46:32    --------    d-----w-    c:\documents and settings\michele buscher\application data\SUPERAntiSpyware.com
2013-07-13 21:45:35    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-13 21:45:34    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-07-13 21:42:38    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-07-13 21:38:23    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2013-07-13 08:43:00    --------    d-----w-    c:\documents and settings\michele buscher\local settings\application data\privazer
2013-07-13 08:41:01    --------    d-----w-    c:\program files\CCleaner
2013-07-13 07:01:35    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-07-13 07:01:35    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-07-13 06:49:33    21504    ----a-w-    c:\windows\system32\hidserv.dll
2013-07-13 06:49:33    21504    ----a-w-    c:\windows\system32\dllcache\hidserv.dll
2013-07-13 06:49:14    14592    ----a-w-    c:\windows\system32\drivers\kbdhid.sys
2013-07-13 06:49:14    14592    ----a-w-    c:\windows\system32\dllcache\kbdhid.sys
2013-07-13 06:48:16    --------    d-----w-    c:\documents and settings\michele buscher\Doctor Web
2013-07-13 06:38:15    57600    ----a-w-    c:\windows\system32\drivers\redbook.sys
2013-07-13 06:38:15    57600    ----a-w-    c:\windows\system32\dllcache\redbook.sys
2013-07-13 06:32:15    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-13 06:32:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-13 06:25:30    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-07-13 06:25:30    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-13 06:25:29    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-07-13 06:25:28    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-07-13 06:24:33    41664    ----a-w-    c:\windows\avastSS.scr
2013-07-13 06:23:57    --------    d-----w-    c:\program files\AVAST Software
2013-07-13 06:23:03    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-07-13 05:58:02    --------    d-----w-    c:\documents and settings\michele buscher\application data\Wise Uninstaller
.
==================== Find3M  ====================
.
2013-06-18 21:16:24    32816    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 21:16:22    593408    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
2013-06-18 21:16:22    18528    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2013-06-18 21:15:50    35488    ----a-w-    c:\windows\system32\cmdcsr.dll
2013-06-18 21:15:48    348584    ----a-w-    c:\windows\system32\guard32.dll
2013-06-18 21:15:36    40664    ----a-w-    c:\windows\system32\cmdkbd32.dll
2013-06-18 21:15:36    278232    ----a-w-    c:\windows\system32\cmdvrt32.dll
.
============= FINISH:  1:59:11.71 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/28/2006 12:43:20 PM
System Uptime: 7/21/2013 5:44:30 PM (105 hours ago)
.
Motherboard: Dell Inc. |  | 0MD541
Processor:         Intel® Pentium® M processor 1.73GHz | Microprocessor | 1054/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 89 GiB total, 16.618 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP827: 7/13/2013 12:59:40 AM - Removed Ad-Aware
RP828: 7/13/2013 1:07:07 AM - Removed AVG 2012
RP829: 7/13/2013 1:08:45 AM - Removed AVG 2012
RP830: 7/13/2013 1:14:44 AM - Removed Symantec AntiVirus
RP831: 7/13/2013 1:23:57 AM - avast! Free Antivirus Setup
RP832: 7/13/2013 2:36:07 PM - Removed BlackBerry Desktop Software 5.0.1.
RP833: 7/13/2013 3:18:51 PM - Restore point
RP834: 7/13/2013 5:38:37 PM - Removed GeekBuddy.
RP835: 7/13/2013 11:25:56 PM - july13
RP836: 7/14/2013 10:37:37 PM - Installed Windows XP Service Pack 3.
RP837: 7/14/2013 10:43:00 PM - Installed Windows XP KB938464.
RP838: 7/15/2013 10:57:02 PM - System Checkpoint
RP839: 7/16/2013 12:18:47 AM - bleepingattempt
RP840: 7/17/2013 12:46:00 AM - System Checkpoint
RP841: 7/18/2013 1:04:54 AM - System Checkpoint
RP842: 7/19/2013 3:15:49 AM - System Checkpoint
RP843: 7/19/2013 11:31:44 PM - Removed Microsoft Digital Image Standard 2006 Editor
RP844: 7/19/2013 11:33:02 PM - Removed Microsoft Digital Image Standard 2006 Library
RP845: 7/19/2013 11:51:00 PM - Removed QuickTime
RP846: 7/21/2013 12:57:38 AM - System Checkpoint
RP847: 7/22/2013 1:49:20 AM - System Checkpoint
RP848: 7/23/2013 2:59:13 AM - System Checkpoint
RP849: 7/24/2013 3:57:31 AM - System Checkpoint
RP850: 7/25/2013 5:49:19 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Ahead Nero Burning ROM
ALPS Touch Pad Driver
AOLIcon
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Barbie® Pet Rescue
Bonjour
Broadcom Management Programs 2
BufferChm
CCleaner
COMODO Firewall
Conexant D110 MDC V.92 Modem
Corel Business Applications
CustomerResearchQFolder
D1500
D1500_Help
DAO
DellSupport
Digital Content Portal
Digital Line Detect
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
ELIcon
FastStone Photo Resizer 3.0
GdiplusUpgrade
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.5
HPProductAssistant
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 17
KidiArt Studio
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office PowerPoint 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6.23)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
mWlsSafe
mXML
mZConfig
Nations Photo Lab ROES
Nations Photo Lab ROES Easy
Photo Viewer 2.4
PrivaZer
PRS-500 USB driver
PSSWCORE
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
SmartWebPrintingOC
Socrates Media Product Browser
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware
Toolbox
TreeSize Free V2.7
Tweaking.com - Windows Repair (All in One)
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Mobile® Device Handbook
Works Upgrade
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
7/20/2013 4:33:27 AM, error: Service Control Manager [7001]  - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The system cannot find the file specified.
7/20/2013 4:33:27 AM, error: Service Control Manager [7000]  - The TCP/IP Protocol Driver service failed to start due to the following error:  The system cannot find the file specified.
7/20/2013 4:33:24 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AswRdr Lbd Tcpip TfFsMon TfSysMon
7/20/2013 4:33:22 AM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  The system cannot find the file specified.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The WLANKEEPER service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The Spectrum24 Event Monitor service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:06 AM, error: NetBT [4311]  - Initialization failed because the driver device could not be created.
7/19/2013 2:02:37 AM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The operation completed successfully.
7/19/2013 2:02:36 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

Any help is appreciated.

thanks, jb
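Reading the event-viewer and services sections of the log above by hand, the "server not found" symptom traces to the TCP/IP Protocol Driver failing to start ("The system cannot find the file specified"), with DNS Client, DHCP Client and IPSEC Services failing only because they depend on it, and the 7026 entry listing the non-Windows boot drivers (AswRdr, Lbd, TfFsMon, TfSysMon) that did not load alongside Tcpip. The script below is an added example (not part of DDS or of this thread) that automates that triage; the regexes assume the DDS line layout shown in the log, the core-driver set is an assumption, and the sample input is a constructed subset of the lines posted above.

```python
"""Triage helper for the 'Event Viewer Messages' and 'SERVICES / DRIVERS'
sections of a DDS log.  Added example, not part of DDS or of this thread.
Assumes the DDS line layout visible in the log above; the sample input is a
constructed subset of the lines posted there."""
import re
from collections import defaultdict

# Constructed sample: a subset of the event lines from the log posted above.
SAMPLE_EVENTS = """\
7/20/2013 4:33:27 AM, error: Service Control Manager [7001]  - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The system cannot find the file specified.
7/20/2013 4:33:27 AM, error: Service Control Manager [7000]  - The TCP/IP Protocol Driver service failed to start due to the following error:  The system cannot find the file specified.
7/20/2013 4:33:24 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AswRdr Lbd Tcpip TfFsMon TfSysMon
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The WLANKEEPER service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:06 AM, error: NetBT [4311]  - Initialization failed because the driver device could not be created.
"""

# Constructed sample: a few lines from the SERVICES / DRIVERS section above.
SAMPLE_SERVICES = """\
R? Lbd;Lbd
R? TfFsMon;TfFsMon
R? TfSysMon;TfSysMon
S? aswRvrt;aswRvrt
S? WinDefend;Windows Defender
"""

# Boot drivers that ship with Windows XP itself (assumed, deliberately minimal).
CORE_WINDOWS_DRIVERS = {"Tcpip", "NetBT", "IPSec", "AFD"}

EVENT_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$")
DEPENDS_RE = re.compile(                       # event 7001
    r"^The (?P<dep>.+?) service depends on the (?P<svc>.+?) service "
    r"which failed to start because of the following error:\s+(?P<err>.*)$")
FAILED_RE = re.compile(                        # event 7000
    r"^The (?P<svc>.+?) service failed to start due to the following error:\s+(?P<err>.*)$")
NOLOAD_RE = re.compile(r"failed to load:\s+(?P<drivers>.*)$")   # event 7026
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\S)\s+(?P<key>[^;]+);(?P<name>.*)$")


def parse_events(text):
    """Return (root_failures, dependents, drivers_not_loaded) from DDS event lines."""
    root = {}                       # service -> error text for direct failures (7000)
    dependents = defaultdict(list)  # failed service -> services blocked by it (7001)
    not_loaded = []                 # driver keys from the 7026 boot-driver list
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m or m.group("level") != "error":
            continue
        msg = m.group("msg")
        if m.group("id") == "7000" and (f := FAILED_RE.match(msg)):
            root[f.group("svc")] = f.group("err").strip()
        elif m.group("id") == "7001" and (d := DEPENDS_RE.match(msg)):
            dependents[d.group("svc")].append(d.group("dep"))
        elif m.group("id") == "7026" and (n := NOLOAD_RE.search(msg)):
            not_loaded.extend(n.group("drivers").split())
    return root, dict(dependents), not_loaded


def parse_services(text):
    """Map service/driver key -> display name from the SERVICES / DRIVERS section."""
    return {m.group("key"): m.group("name")
            for m in map(SERVICE_RE.match, text.splitlines()) if m}


def triage(events_text, services_text):
    """Separate the root failure from the cascade it causes and flag leftovers."""
    root, dependents, not_loaded = parse_events(events_text)
    registered = parse_services(services_text)
    # Rank failed services by how many others they drag down; the top one is the
    # likeliest root cause of the "no internet" symptom.
    ranked = sorted(dependents, key=lambda s: len(dependents[s]), reverse=True)
    top = ranked[0] if ranked else None
    third_party = [d for d in not_loaded if d not in CORE_WINDOWS_DRIVERS]
    return {
        "root_cause": top,
        "root_error": root.get(top),
        "blocked_by_root": sorted(dependents[top]) if top else [],
        "network_stack_down": "Tcpip" in not_loaded,
        # Non-Windows boot drivers that did not load: check whether each belongs
        # to software still installed or is a remnant of a removed product.
        "third_party_drivers_not_loaded": sorted(third_party),
        # Of those, the ones DDS still lists as registered service/driver entries.
        "still_registered": sorted(d for d in third_party if d in registered),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS, SAMPLE_SERVICES).items():
        print(f"{key}: {value}")
```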


#4 liquidescapes

liquidescapes
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:07:25 PM

Posted 26 July 2013 - 06:32 PM

Hello. I have an older Dell laptop with XP on it that has not been able to access the internet for a long time. I am trying to resolve the issue(s) at this time. I was being helped by someone on BleepingComputer in the networking forum, but after a few attempts he referred me to the virus forum. The following link shows what we did up to this point.

http://www.bleepingcomputer.com/forums/t/501132/i-have-a-network-connection-but-server-is-not-found-winsock-problem/page-2#entry3107422

Prior to finding BleepingComputer, I had tried to fix the problem myself, through various means which are detailed in the forum post linked above. The computer was telling me there was a Winsock error, so most of what I did pertained to that. The computer finds the wireless network I'm using, but cannot find a server when I try to access a webpage. I downloaded avast and MBAM and a few other things to the XP laptop, and avast in particular found a lot of things, including some rootkits. After 2 boot scans, scans seem to be clean. I also put Comodo Firewall on it, which makes doing these DDS logs quite the chore. Can I/should I disable the firewall during this troubleshooting? I'm posting new DDS logs below.

thanks, jb

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18241  BrowserJavaVersion: 1.6.0_17
Run by Michele Buscher at 1:39:46 on 2013-07-26
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MRI_DISABLED - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - LocalServer32 - <no file>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {215cf108-e7eb-4814-a83c-7d0ca7df0688} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - <orphaned>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{77408EB1-A537-4D36-A127-E28F8629FB04} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - <no file>
Notify: WgaLogon - <no file>
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michele buscher\application data\mozilla\firefox\profiles\fq18ul0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? adxapie;adxapie
R? cmdvirth;COMODO Virtual Service Manager
R? Lbd;Lbd
R? RmAx;RMAXUSB
R? TfFsMon;TfFsMon
R? TfNetMon;TfNetMon
R? TfSysMon;TfSysMon
S? !SASCORE;SAS Core Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? cmdAgent;COMODO Internet Security Helper Service
S? cmderd;COMODO Internet Security Eradication Driver
S? cmdGuard;COMODO Internet Security Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WinDefend;Windows Defender
S? xlkfs;xlkfs
.
=============== Created Last 30 ================
.
2013-07-18 19:37:03    --------    d-----w-    c:\program files\Tweaking.com
2013-07-18 09:06:56    --------    d-----w-    c:\documents and settings\michele buscher\application data\JAM Software
2013-07-18 08:54:24    --------    d-----w-    c:\program files\JAM Software
2013-07-18 00:53:02    75264    ----a-w-    c:\windows\system32\drivers\ipsec.sys
2013-07-18 00:53:02    75264    ----a-w-    c:\windows\system32\dllcache\ipsec.sys
2013-07-16 16:31:44    --------    d-----w-    c:\documents and settings\michele buscher\application data\ConverterPlus
2013-07-15 03:10:02    --------    d-----w-    C:\ERDNT
2013-07-13 22:17:04    --------    d-s---w-    c:\documents and settings\all users\application data\Shared Space
2013-07-13 22:14:53    --------    d-----w-    c:\documents and settings\all users\application data\COMODO
2013-07-13 22:13:35    --------    d-----w-    c:\documents and settings\michele buscher\local settings\application data\COMODO
2013-07-13 22:13:18    --------    d-----w-    c:\program files\Comodo
2013-07-13 22:13:10    --------    d-----w-    c:\documents and settings\all users\application data\Comodo Downloader
2013-07-13 21:46:32    --------    d-----w-    c:\documents and settings\michele buscher\application data\SUPERAntiSpyware.com
2013-07-13 21:45:35    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-13 21:45:34    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-07-13 21:42:38    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-07-13 21:38:23    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2013-07-13 08:43:00    --------    d-----w-    c:\documents and settings\michele buscher\local settings\application data\privazer
2013-07-13 08:41:01    --------    d-----w-    c:\program files\CCleaner
2013-07-13 07:01:35    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-07-13 07:01:35    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-07-13 06:49:33    21504    ----a-w-    c:\windows\system32\hidserv.dll
2013-07-13 06:49:33    21504    ----a-w-    c:\windows\system32\dllcache\hidserv.dll
2013-07-13 06:49:14    14592    ----a-w-    c:\windows\system32\drivers\kbdhid.sys
2013-07-13 06:49:14    14592    ----a-w-    c:\windows\system32\dllcache\kbdhid.sys
2013-07-13 06:48:16    --------    d-----w-    c:\documents and settings\michele buscher\Doctor Web
2013-07-13 06:38:15    57600    ----a-w-    c:\windows\system32\drivers\redbook.sys
2013-07-13 06:38:15    57600    ----a-w-    c:\windows\system32\dllcache\redbook.sys
2013-07-13 06:32:15    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-13 06:32:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-13 06:25:30    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-07-13 06:25:30    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-13 06:25:29    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-07-13 06:25:28    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-07-13 06:24:33    41664    ----a-w-    c:\windows\avastSS.scr
2013-07-13 06:23:57    --------    d-----w-    c:\program files\AVAST Software
2013-07-13 06:23:03    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-07-13 05:58:02    --------    d-----w-    c:\documents and settings\michele buscher\application data\Wise Uninstaller
.
==================== Find3M  ====================
.
2013-06-18 21:16:24    32816    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 21:16:22    593408    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
2013-06-18 21:16:22    18528    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2013-06-18 21:15:50    35488    ----a-w-    c:\windows\system32\cmdcsr.dll
2013-06-18 21:15:48    348584    ----a-w-    c:\windows\system32\guard32.dll
2013-06-18 21:15:36    40664    ----a-w-    c:\windows\system32\cmdkbd32.dll
2013-06-18 21:15:36    278232    ----a-w-    c:\windows\system32\cmdvrt32.dll
.
============= FINISH:  1:59:11.71 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/28/2006 12:43:20 PM
System Uptime: 7/21/2013 5:44:30 PM (105 hours ago)
.
Motherboard: Dell Inc. |  | 0MD541
Processor:         Intel® Pentium® M processor 1.73GHz | Microprocessor | 1054/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 89 GiB total, 16.618 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP827: 7/13/2013 12:59:40 AM - Removed Ad-Aware
RP828: 7/13/2013 1:07:07 AM - Removed AVG 2012
RP829: 7/13/2013 1:08:45 AM - Removed AVG 2012
RP830: 7/13/2013 1:14:44 AM - Removed Symantec AntiVirus
RP831: 7/13/2013 1:23:57 AM - avast! Free Antivirus Setup
RP832: 7/13/2013 2:36:07 PM - Removed BlackBerry Desktop Software 5.0.1.
RP833: 7/13/2013 3:18:51 PM - Restore point
RP834: 7/13/2013 5:38:37 PM - Removed GeekBuddy.
RP835: 7/13/2013 11:25:56 PM - july13
RP836: 7/14/2013 10:37:37 PM - Installed Windows XP Service Pack 3.
RP837: 7/14/2013 10:43:00 PM - Installed Windows XP KB938464.
RP838: 7/15/2013 10:57:02 PM - System Checkpoint
RP839: 7/16/2013 12:18:47 AM - bleepingattempt
RP840: 7/17/2013 12:46:00 AM - System Checkpoint
RP841: 7/18/2013 1:04:54 AM - System Checkpoint
RP842: 7/19/2013 3:15:49 AM - System Checkpoint
RP843: 7/19/2013 11:31:44 PM - Removed Microsoft Digital Image Standard 2006 Editor
RP844: 7/19/2013 11:33:02 PM - Removed Microsoft Digital Image Standard 2006 Library
RP845: 7/19/2013 11:51:00 PM - Removed QuickTime
RP846: 7/21/2013 12:57:38 AM - System Checkpoint
RP847: 7/22/2013 1:49:20 AM - System Checkpoint
RP848: 7/23/2013 2:59:13 AM - System Checkpoint
RP849: 7/24/2013 3:57:31 AM - System Checkpoint
RP850: 7/25/2013 5:49:19 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Ahead Nero Burning ROM
ALPS Touch Pad Driver
AOLIcon
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Barbie® Pet Rescue
Bonjour
Broadcom Management Programs 2
BufferChm
CCleaner
COMODO Firewall
Conexant D110 MDC V.92 Modem
Corel Business Applications
CustomerResearchQFolder
D1500
D1500_Help
DAO
DellSupport
Digital Content Portal
Digital Line Detect
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
ELIcon
FastStone Photo Resizer 3.0
GdiplusUpgrade
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.5
HPProductAssistant
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 17
KidiArt Studio
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office PowerPoint 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.6.23)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
mWlsSafe
mXML
mZConfig
Nations Photo Lab ROES
Nations Photo Lab ROES Easy
Photo Viewer 2.4
PrivaZer
PRS-500 USB driver
PSSWCORE
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
SmartWebPrintingOC
Socrates Media Product Browser
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware
Toolbox
TreeSize Free V2.7
Tweaking.com - Windows Repair (All in One)
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Mobile® Device Handbook
Works Upgrade
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
7/20/2013 4:33:27 AM, error: Service Control Manager [7001]  - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  The system cannot find the file specified.
7/20/2013 4:33:27 AM, error: Service Control Manager [7000]  - The TCP/IP Protocol Driver service failed to start due to the following error:  The system cannot find the file specified.
7/20/2013 4:33:24 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AswRdr Lbd Tcpip TfFsMon TfSysMon
7/20/2013 4:33:22 AM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  The system cannot find the file specified.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The WLANKEEPER service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The Spectrum24 Event Monitor service depends on the EvtEng service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2013 4:33:22 AM, error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/20/2013 4:33:06 AM, error: NetBT [4311]  - Initialization failed because the driver device could not be created.
7/19/2013 2:02:37 AM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The operation completed successfully.
7/19/2013 2:02:36 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

any help is appreciated.

thanks, jb

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 26 July 2013 - 06:55 PM

Greetings jb and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 26 July 2013 - 07:33 PM

Greetings,

Thank you for your patience. There are several things I would like to address in this first post. As you are probably already aware, your computer is quite sick and has been compromised. As a result I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST log
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 liquidescapes

liquidescapes
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2013 - 09:27 PM

hello gary

thanks for trying to see me through this.  i understand you are doing this just as a service to humanity, so i am realistic about my expectations.  i am proceeding with the steps you suggested in the order you suggested them, but i wanted to share a couple of thoughts.

i have disabled avast and comodo firewall for the time being.  i have disabled the wi-fi on the computer (function f2).  will that completely cut me off from the internet in the event that my XP becomes self aware and tries to lash out at me?  i have deleted spybot.

when i run adwcleaner.exe, i get a window with options, run is not among them, but search is.  the search is quick, and i am not given the option to delete anything, and the computer does not reboot.  i am proceeding with the rest of the steps, but i just wanted to let you know that.

also, i have not noticed any weird financial transactions, and i have not had this computer on line for about 18 months.  thank you very much for the warnings, and if i get it back online, i will not use it for any financial transactions.

as you may have read in the earlier posts, i tried all sorts of things to fix this, including some winsockrepair.exe programs.  i probably made things worse, but i wanted to be sure you knew i had done those things.  posting logs, thanks again.

my computer will not allow me to run jrt.exe.  when i double click, i get the following window:

7-zip sfx archive: error

Error during execution ""c:\docum~1\michel~1\locals~1\temp\jrt\get.bat"",
access is denied

Ok, i'm officially batting 0 for 3 here.  after running FRST, i am prompted with a small window that says frst will save the file to the location it was run from, and then immediately after this a blank notepad window - untitled - opens up, and then a small window opens on top of this, titled Notepad, which contains the following message:

yellow triangle with exclamation point, cannot find the c:\documents and settings\michele buscher\desktop\addition.txt file.  (or \FRST.txt file)
do you want to create a new file?

when i click yes, addition.txt and FRST.txt show up on the desktop, but they're blank pages.  when i click no or cancel, i get nothing at all.

sorry, i'm not trying to make this harder than it has to be!

here at least is the log from adwcleaner:

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 21:07:27
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michele Buscher - BIGGIE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Michele Buscher\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found : C:\Documents and Settings\Michele Buscher\Application Data\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18241

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.23 (en-US)

File : C:\Documents and Settings\Michele Buscher\Application Data\Mozilla\Firefox\Profiles\fq18ul0u.default\prefs.js

[OK] File is clean.

*************************


########## EOF - C:\AdwCleaner[R1].txt - [0 octets] ##########

thank you, jb

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 26 July 2013 - 09:40 PM

Thanks for trying. Do you have your XP installation disk?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 liquidescapes

liquidescapes
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2013 - 09:53 PM

no, i'm sorry, i do not have that.  there was a switch in residency during the time this computer was off line, the odds of me finding that disk are almost non-existent.

thanks, jb

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 26 July 2013 - 09:56 PM

OK, let's try to run FRST this way.

===================================================

Farbar's Recovery Scan Tool Using Windows XP Recovery Console

--------------------

Creating an Artellos XP Recovery Console CD
  • Please click here to go to the ARCDC download page
  • Right click on Latest EXE Download and select Save Link As...
  • Save it to your desktop as ARCDC.exe
  • Double click ARCDC.exe, select Run, then OK
  • You see 6 options. Please pick: Windows Professional SP2 & SP3 (If you do not have SP2 & SP3 installed please select the option that applies (i.e. SP2). <<< IMPORTANT)
  • Click Yes on the License Agreement
  • Select Use Default Files
  • It is normal to see numerous black screens flash and disappear
  • Click Burn on the Your ISO is created! screen
  • A BurnCDCC window will open
  • The File Image box should automatically be populated with the XPRC.iso file path on your desktop. If not, browse to the file and double click it
  • The Device box should list your CD/DVD
  • Insert a CD into the CD device then click Start
  • Once completed close the program and remove the CD
  • Plug the USB device with Farbar's Recovery Scan Tool on it into the infected PC
  • Insert the newly created Artellos XP Recovery Console CD in the computer's optical disk drive tray
  • Start or re-start the computer so that it boots from the CD. You may be prompted to "Press any key". (If you don't get this you have to change the boot order from the BIOS)
  • When the Welcome to Setup screen appears, press the R key on your keyboard to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have just one Windows installation (typical), type 1 and press enter. If you have multiple Windows installations (less typical), it will list each one. Enter the number associated with the operating system of concern
  • You will be prompted for the Administrator's password. If there is no password simply press ENTER. If a password is required but you don't know it see this.
  • Please continue with the following steps once you are presented with a C:\Windows> prompt. If you do not see this prompt, stop here and advise me of that fact
----------

Running Farbar's Recovery Scan Tool
  • In the command prompt type in dir e:\, press Enter, then see if the FRST program is listed

Note: You may need to type in different letters to locate the FRST program (ex. f: g: etc.)

  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 liquidescapes

liquidescapes
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2013 - 10:15 PM

pretty soon, i'm going to see just how well a closed laptop simulates a frisbee...

when i try to run arcdc.exe, i get the following window:

arcdc.exe
windows cannot access the specified device, path, or file.  you may not have the appropriate permissions to access the item.

i am logged into the computer as the administrator, i just logged off and logged back in to make sure.

thanks, jb

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 26 July 2013 - 10:26 PM

If you are getting that error trying to create the CD attempt it on a clean machine.

Edited by Oh My, 26 July 2013 - 10:32 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 liquidescapes

liquidescapes
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 27 July 2013 - 04:01 PM

hello

just an update on what's happening.  i was able to create the arcdc.exe disc, and change the boot order, disable password, but now i'm stumped.  when i search for dir f:\ (usb stick always shows up as f drive) i get the following:

the volume in drive f has no label
the volume serial number is 0000-0000

directory of f:\

lists 13 files, all from 2004-2006.

i erased the usb stick, and still get the same 13 files.  i get them even when the usb stick is not plugged in.  i tried plugging it in to different usb ports.  i have a wireless mouse that has a tiny little usb plug in, so i unplugged that in case it was detecting that, and nothing changed.

no other letter directories are valid, except for dir C:\.  this directory contains 35 files, including FRST, which is labeled as follows:

07/26/13 09:22p                 d-------                  0 FRST

FRST is in the c drive, i have a folder full of downloads from bleepingcomputer.

i'm tempted to run it from there, but i will wait for your advice on the matter.

thanks, jb

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 27 July 2013 - 04:16 PM

At the command prompt type Notepad then hit enter.  Navigate through your drives to find FRST.  You will need to change Text to All Files in order to see it.  That will be your drive. 


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 liquidescapes

liquidescapes
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 27 July 2013 - 04:55 PM

I'm sorry but i am having trouble here.  where should i type notepad?  i tried it at c:\windows> while in the repair option of the arcdc boot disc, but the command is not recognized.  is that the command prompt?

i apologize for not understanding some terminology that's probably pretty basic, but unfamiliar to me.

should i start windows normally, through the IDD, and then start-run-cmd?  sorry, not trying to be dense.

thanks, jb