System Check Virus ... Can't System Restore even in Safe Mode

Started by Maddielee, February 23, 2012, 01:12:50 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 3 4 5
User actions

Corrine

#15
February 23, 2012, 08:30:29 PM
Double-click RKill on your desktop and try again.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Maddielee

#16
February 23, 2012, 08:42:31 PM
rkill log  (don't know if you need this)

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/23/2012 at 15:40:44.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 02/23/2012 at 15:40:49.

Corrine

#17
February 23, 2012, 08:47:37 PM
Now see if you can install MBAM. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Maddielee

#18
February 23, 2012, 08:49:04 PM
Access Denied during Set Up  after running rkill again.

Corrine

#19
February 23, 2012, 09:21:37 PM
Hi, Maddielee. 

Based on the findings of TDSSKiller, I don't have a lot of hope for your computer.  However, let's give this a try.  Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Maddielee

#20
February 23, 2012, 09:53:53 PM
ComboFix log:

ComboFix 12-02-23.01 - Administrator 02/23/2012  16:36:25.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.699 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~2t8ZlHyKXRG0EX
c:\documents and settings\All Users\Application Data\~2t8ZlHyKXRG0EXr
c:\documents and settings\All Users\Application Data\2t8ZlHyKXRG0EX
c:\documents and settings\All Users\Application Data\2t8ZlHyKXRG0EX.exe
c:\documents and settings\All Users\Application Data\DvhhCCFbLujqW.exe
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\Catherine\GoToAssistDownloadHelper.exe
c:\documents and settings\Catherine\WINDOWS
c:\windows\system32\setb7.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-23 to 2012-02-23  )))))))))))))))))))))))))))))))
.
.
2012-02-23 15:58 . 2012-02-23 15:58   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-02-22 20:48 . 2012-02-23 15:50   --------   d-----w-   c:\documents and settings\Administrator
2012-02-15 10:41 . 2012-01-11 19:06   3072   ---h--w-   c:\windows\system32\iacenc.dll
2012-02-15 10:41 . 2012-01-11 19:06   3072   ---h--w-   c:\windows\system32\dllcache\iacenc.dll
2012-01-31 16:59 . 2012-01-31 16:59   --------   d--h--w-   c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 10:00   1859968   ---ha-w-   c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 10:00   916992   ---ha-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 10:00   43520   ---ha-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 10:00   1469440   ---ha-w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 10:00   385024   ---ha-w-   c:\windows\system32\html.iec
2011-12-14 20:23 . 2011-07-20 13:42   414368   ---ha-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-01-19 13:31   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 10:00   293376   ---ha-w-   c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51   3911776   ---ha-w-   c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2010-12-09 17:51   3911776   ---ha-w-   c:\program files\Elf_1.13\tbElf_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\tbElf_.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 11776]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"HostManager"="c:\program files\Common Files\AOL\1129765693\ee\AOLSoftware.exe" [2010-03-08 41800]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-12 110592]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-09-11 53248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22   421736   ---ha-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-04-05 01:21   26112   -c-ha-w-   c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48   479232   -c-ha-w-   c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129765693\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129765693\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [9/14/2010 7:42 AM 82952]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/14/2010 7:42 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [9/14/2010 7:42 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [9/14/2010 7:42 AM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [9/14/2010 7:42 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [9/14/2010 7:42 AM 88480]
R3 ndisrd;WinpkFilter Service;c:\windows\SYSTEM32\DRIVERS\ndisrd.sys [8/8/2010 3:50 PM 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 4:24 PM 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/14/2010 7:42 AM 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/14/2010 7:42 AM 271480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [9/14/2010 7:42 AM 55456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 4:24 PM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [9/14/2010 7:42 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [9/14/2010 7:42 AM 83496]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\CA\PCPitstopScheduleService.exe [4/3/2010 7:44 AM 90296]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-13 12:15]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:23]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/mywaybiz
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DvhhCCFbLujqW.exe - c:\documents and settings\All Users\Application Data\DvhhCCFbLujqW.exe
SafeBoot-klmdb.sys
SafeBoot-ykciilw32
MSConfigStartUp-PicasaNet - c:\program files\Hello\Hello.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3309822840-836792384-1404327448-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,6c,b0,89,d9,9f,7c,4d,95,fc,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,6c,b0,89,d9,9f,7c,4d,95,fc,47,\
.
Completion time: 2012-02-23  16:51:01
ComboFix-quarantined-files.txt  2012-02-23 21:50
.
Pre-Run: 5,195,309,056 bytes free
Post-Run: 5,760,417,792 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D748431D7C6F62ABF2863CEF06AD1551

winchester73

#21
February 23, 2012, 10:10:42 PM
See if MBAM will install now ...
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Maddielee

#22
February 23, 2012, 10:33:20 PM
Yeah!  MBAM installed...here's the log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: CATHY [administrator]

2/23/2012 5:25:51 PM
mbam-log-2012-02-23 (17-25-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199773
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Corrine

#23
February 23, 2012, 10:41:42 PM
Great!  Next, please follow the instructions in Log Posting Instructions so we can see what else is on the computer and let us know how your computer is now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Maddielee

#24
February 23, 2012, 11:12:32 PM
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 18:08:22 on 2012-02-23
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.728 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell4me.com/mywaybiz
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100914084238.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\tbElf_.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\tbElf_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [HostManager] c:\program files\common files\aol\1129765693\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{34F54E58-544B-4B14-81A9-61E53117F259} : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-14 82952]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-14 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-14 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-14 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-14 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-14 88480]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-8 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-14 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-14 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-14 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-14 170144]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-14 55456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-22 152320]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-22 51688]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-14 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-14 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-11 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-11 40552]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\ca\PCPitstopScheduleService.exe [2010-4-3 90296]
.
=============== Created Last 30 ================
.
2012-02-23 22:23:15   --------   d-----w-   c:\documents and settings\administrator\application data\Malwarebytes
2012-02-23 21:31:27   --------   d-sha-r-   C:\cmdcons
2012-02-23 21:29:08   98816   ----a-w-   c:\windows\sed.exe
2012-02-23 21:29:08   518144   ----a-w-   c:\windows\SWREG.exe
2012-02-23 21:29:08   256000   ----a-w-   c:\windows\PEV.exe
2012-02-23 21:29:08   208896   ----a-w-   c:\windows\MBR.exe
2012-02-23 15:58:23   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-02-23 15:50:36   --------   d-sh--w-   c:\documents and settings\administrator\IECompatCache
2012-02-23 15:49:40   --------   d-sh--w-   c:\documents and settings\administrator\PrivacIE
2012-02-22 20:49:38   --------   d-sh--w-   c:\documents and settings\administrator\IETldCache
2012-02-15 10:41:02   3072   ------w-   c:\windows\system32\iacenc.dll
2012-02-15 10:41:02   3072   ------w-   c:\windows\system32\dllcache\iacenc.dll
2012-01-31 16:59:49   --------   d-----w-   c:\program files\iPod
.
==================== Find3M  ====================
.
2012-01-12 16:53:24   1859968   ----a-w-   c:\windows\system32\win32k.sys
2011-12-17 19:46:36   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46:36   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58   385024   ----a-w-   c:\windows\system32\html.iec
2011-12-14 20:23:56   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:09:43.57 ===============

Maddielee

#25
February 23, 2012, 11:15:36 PM
attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/11/2005 10:17:13 AM
System Uptime: 2/23/2012 6:05:01 PM (0 hours ago)
.
Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 5.394 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP490: 1/12/2012 3:00:21 AM - Software Distribution Service 3.0
RP491: 1/13/2012 3:20:39 AM - System Checkpoint
RP492: 1/14/2012 3:56:39 AM - System Checkpoint
RP493: 1/15/2012 5:32:57 AM - System Checkpoint
RP494: 1/16/2012 6:31:56 AM - System Checkpoint
RP495: 1/17/2012 3:00:20 AM - Software Distribution Service 3.0
RP496: 1/17/2012 10:40:07 AM - Removed iTunes
RP497: 1/17/2012 10:52:02 AM - Installed iTunes
RP498: 1/18/2012 11:22:55 AM - System Checkpoint
RP499: 1/19/2012 1:07:05 PM - System Checkpoint
RP500: 1/20/2012 1:08:10 PM - System Checkpoint
RP501: 1/21/2012 4:42:35 PM - System Checkpoint
RP502: 1/22/2012 5:41:21 PM - System Checkpoint
RP503: 1/23/2012 6:19:30 PM - System Checkpoint
RP504: 1/24/2012 9:38:39 PM - System Checkpoint
RP505: 1/25/2012 10:29:14 PM - System Checkpoint
RP506: 1/26/2012 11:02:00 PM - System Checkpoint
RP507: 1/27/2012 11:40:39 PM - System Checkpoint
RP508: 1/29/2012 12:00:44 AM - System Checkpoint
RP509: 1/30/2012 12:35:39 AM - System Checkpoint
RP510: 1/31/2012 9:25:18 AM - System Checkpoint
RP511: 2/1/2012 10:40:52 AM - System Checkpoint
RP512: 2/2/2012 11:20:43 AM - System Checkpoint
RP513: 2/3/2012 11:37:46 AM - System Checkpoint
RP514: 2/4/2012 11:47:03 AM - System Checkpoint
RP515: 2/5/2012 12:10:22 PM - System Checkpoint
RP516: 2/6/2012 1:01:41 PM - System Checkpoint
RP517: 2/7/2012 1:12:19 PM - System Checkpoint
RP518: 2/8/2012 3:58:10 PM - System Checkpoint
RP519: 2/9/2012 6:07:35 PM - System Checkpoint
RP520: 2/10/2012 8:05:04 PM - System Checkpoint
RP521: 2/11/2012 9:29:05 PM - System Checkpoint
RP522: 2/13/2012 3:05:36 PM - System Checkpoint
RP523: 2/14/2012 4:17:29 PM - System Checkpoint
RP524: 2/15/2012 5:52:54 PM - System Checkpoint
RP525: 2/16/2012 3:00:17 AM - Software Distribution Service 3.0
RP526: 2/17/2012 5:22:53 AM - System Checkpoint
RP527: 2/18/2012 6:24:25 AM - System Checkpoint
RP528: 2/19/2012 8:42:50 AM - System Checkpoint
RP529: 2/20/2012 9:03:43 AM - System Checkpoint
RP530: 2/21/2012 9:37:36 AM - System Checkpoint
RP531: 2/22/2012 12:14:11 PM - Restore Operation
RP532: 2/22/2012 12:47:06 PM - Restore Operation
RP533: 2/22/2012 1:17:46 PM - Restore Operation
RP534: 2/22/2012 2:26:05 PM - Restore Operation
RP535: 2/22/2012 2:57:58 PM - Restore Operation
RP536: 2/22/2012 3:23:11 PM - Restore Operation
RP537: 2/23/2012 2:23:30 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.9
AnswerWorks 4.0 Runtime - English
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CA PC Tune-Up 2.0.0.8
Conduit Engine
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Photo AIO Printer 942
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Download Updater (AOL LLC)
Elf 1.13 Toolbar
Family Tree Maker
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LabelCreator Pro
Logitech MouseWare 9.79.1
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft VC9 runtime libraries
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
My Way Search Assistant
Photobucket Uploader
Picasa 3
PowerDVD 5.3
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
The Print Shop
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB971029)
Verizon FiOS Activation
Verizon Online DSL
Viewpoint Media Player
WebFldrs XP
WexTech AnswerWorks
Windows Driver Package - Intel Corporation (ialm) Display  (03/23/2006 6.14.10.4543)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
2/23/2012 11:41:00 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/23/2012 10:53:16 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/22/2012 8:23:48 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
2/22/2012 8:23:33 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The Fax service depends on the Print Spooler service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:23:33 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2012 8:22:48 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/22/2012 3:49:43 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/22/2012 1:09:53 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm
.
==== End Of File ===========================

Corrine

#26
February 24, 2012, 12:45:38 AM
Hi, Maddielee.

I expect I can explain how you got infected in the first place --  from the old and vulnerable versions of Adobe Reader and even older and more highly vulnerable versions of Java on your computer.

1.  Please go to Add/Remove programs and uninstall the following.  Follow the uninstall with a shutdown/restart.

Adobe Reader 7.0.9
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Macromedia Flash Player

2.  I also suggest you consider uninstalling the Conduit and the Elf Toolbar they are reputed to have a certain trackware functionality.  The My Way Search Assistant is reputed to anonymously report your surfing activity when on a myway or myway affiliated site.

Conduit Engine
Elf 1.13 Toolbar
My Way Search Assistant

3.  Next, either download the current version of Adobe Reader or switch to an alternate PDF reader.  I don't need to access PDF files all that frequently and have found Sumatra PDF to be a nice alternative.  Another alternate is Nitro Reader.

To continue using Adobe Reader, the direct download link:  ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/en_US/AdbeRdr1012_en_US.exe

4.  Go to http://www.oracle.com/technetwork/java/javase/downloads/jre-7u3-download-1501631.html to download the latest version of Java.  Tick the box to Accept License Agreement and select the following:

Windows x86 Offline   19.38 MB     jre-7u3-windows-i586.exe

Note:  Pay attention when installing Adobe and Java.  If offered any toolbars or other add-ons by either, be sure to uncheck any offers as they are not necessary to install the update.

5.  Personally, I would not allow any programs in the Trusted Zone.  After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more.If you elect to remove the entry from the Trusted Zone, please do the following:

  • Launch Internet Explorer, click Internet Options on the Tools  menu, and then click the Security tab.
  • Click Trusted Sites, and then click Sites.
  • Click musicmatch.com\online, and then click Remove.

6.  After you have completed all of the above (whew!) please do the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:

Code Select

RegLock::
[HKEY_USERS\S-1-5-21-3309822840-836792384-1404327448-500\Software\Microsoft\Internet Explorer\User Preferences]


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please advise how your computer is now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Maddielee

#27
February 24, 2012, 01:24:56 AM
Thank you Corrine....While in Safe Mode I can access the Control Panel, but receive the following pop-up when I try to Remove the programs you listed.

"the windows installer could not be accessed.  his can occur if you are running Windows in safe mode, or the Windows installer is not correctly installed.  contact your support personnel for assistance."

When I opened Windows (NOT IN safe mode) there is nothing in the box that I usually see the Control Panel in.  NOTHING.  Only 'programs' seem to be there????

Corrine

#28
February 24, 2012, 01:52:39 AM
Hi, Maddielee.

Sorry, I forgot to include the instructions to run Unhide.exe.  This was the type of infection that will hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. 

This program will remove the +H, or hidden, attribute from all the files on your hard drives.  It is important to note that if there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Maddielee

#29
February 24, 2012, 02:10:25 PM
Good morning.  I have run the 'unhide' a couple times (with MacAfee disarmed, I thin) and I still don't seem to have any Files??? 

Print
Go Up Pages 1 2 3 4 5
User actions