
[Inactive] Folders are "not found" and will not open.

Discussion in 'Malware and Virus Removal Archive' started by EUnismo, 2010/06/02.

  1. 2010/06/02
    EUnismo (Thread Starter)

    I am using XP Home SP3 on a computer that previously had a virus, and now, after removing the virus, the folders will not open. However, they are accessible if they are menus on the Start menu, and in Safe Mode; otherwise they are "not found". Also, removable drives are reported as "not ready". Any ideas? I have already tried to re-register using Start > Run > regsvr32 /i shell32.dll > Enter.

    DDS:


    DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
    Run by Mr. Hyatt at 20:08:00.03 on Wed 06/02/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.504.241 [GMT -4:00]

    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\explorer.exe
    H:\dds.scr
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mWinlogon: Shell=Explorer.exe c:\windows\config\csrss.exe
    uWinlogon: Shell=c:\program files\privacy components\pc.exe
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
    BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXPiFwV.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: WinSafe Class: {b6b571fb-b71d-449c-ad70-82e966328795} - c:\windows\iehost.dll
    BHO: {D032570A-5F63-4812-A094-87D007C23012} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    dRun: [Symantec Network Driver Update Warning] c:\progra~1\symantec\liveup~1\SNDWarn.EXE
    uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: c:\windows\temp\ntdll64.dll
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    DPF: {205FF73B-CA67-11D5-99DD-444553540000} - hxxp://www.spywarestormer.com/files2/Install.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/136c36f6b597577da420/netzip/RdxIE2.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132186887156
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab35645.cab
    DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - hxxp://static.zangocash.com/cab/Zango/ie/bridge-c8.cab?9b91da394bb089c426c4c8fcb2032040a0984db8ccad09aad24d7ebc200f0941a5b810e6eae0e4827334f18e895434b50ff31e0c2b0e8f858ddc2e736e:e3eb4becbb5c1ba39dd084361d36488e
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
    DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
    DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab38514.cab
    Notify: cbXPiFwV - cbXPiFwV.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXPiFwV.dll
    LSA: Notification Packages = :\windows\system32\srrst

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mr371a~1.hya\applic~1\mozilla\firefox\profiles\lhj5uted.default\
    FF - plugin: c:\documents and settings\mr. hyatt\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{5B05F429-41CC-4CBB-99D1-B32F43AC0A44}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-20 40840]
    R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-20 66952]
    R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-20 81288]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-20 356920]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-20 1079176]
    S1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-20 160792]
    S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\temp\20.tmp --> c:\windows\temp\20.tmp [?]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-1 38224]
    S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2008-6-30 31872]

    =============== Created Last 30 ================

    2010-06-02 06:32:02 0 d-----w- C:\!KillBox
    2010-06-02 06:21:05 0 d-----w- C:\HJT
    2010-06-02 06:17:36 0 d-----w- c:\program files\Trend Micro
    2010-06-02 06:16:14 0 dc----w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-02 04:29:09 0 d-----w- c:\windows\pss
    2010-06-01 18:01:35 0 d-----w- c:\docume~1\mr371a~1.hya\applic~1\Malwarebytes
    2010-06-01 17:59:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-06-01 17:57:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-01 17:57:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-01 17:57:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-01 17:57:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-01 17:56:37 0 d-----w- c:\program files\CCleaner

    ==================== Find3M ====================

    2008-08-09 03:39:44 53934 -c--a-w- c:\program files\INSTALL.LOG
    2008-09-18 04:30:13 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

    ============= FINISH: 20:08:52.59 ===============


    Attach:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/9/2004 1:35:23 PM
    System Uptime: 6/2/2010 8:05:44 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | KIRIN-V
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | PGA 478 | 2679/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 14 GiB total, 3.219 GiB free.
    D: is FIXED (NTFS) - 55 GiB total, 54.385 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&2A083901&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&2A083901&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP1328: 11/29/2008 5:06:50 PM - Installed AVG 8.0
    RP1329: 11/30/2008 9:12:15 PM - System Checkpoint
    RP1330: 12/4/2008 6:55:02 PM - System Checkpoint
    RP1331: 12/6/2008 11:18:44 PM - System Checkpoint
    RP1332: 12/9/2008 10:21:35 PM - System Checkpoint
    RP1333: 12/10/2008 11:43:02 PM - Software Distribution Service 3.0
    RP1334: 12/13/2008 12:15:03 AM - System Checkpoint
    RP1335: 12/15/2008 1:09:46 PM - System Checkpoint
    RP1336: 12/17/2008 11:30:39 PM - Software Distribution Service 3.0
    RP1337: 12/20/2008 1:50:38 AM - System Checkpoint
    RP1338: 12/21/2008 5:27:03 PM - System Checkpoint
    RP1339: 12/22/2008 11:00:22 PM - System Checkpoint
    RP1340: 12/25/2008 7:12:10 AM - System Checkpoint
    RP1341: 1/1/2009 10:58:23 PM - System Checkpoint
    RP1342: 1/3/2009 12:35:30 AM - System Checkpoint
    RP1343: 1/4/2009 4:29:25 PM - System Checkpoint
    RP1344: 1/5/2009 9:49:35 PM - System Checkpoint
    RP1345: 1/6/2009 10:06:30 PM - System Checkpoint
    RP1346: 1/9/2009 6:49:22 PM - System Checkpoint
    RP1347: 1/10/2009 7:36:20 PM - System Checkpoint
    RP1348: 1/12/2009 11:06:50 PM - System Checkpoint
    RP1349: 1/13/2009 11:15:42 PM - Software Distribution Service 3.0
    RP1350: 1/15/2009 8:16:13 PM - System Checkpoint
    RP1351: 1/17/2009 8:33:55 PM - System Checkpoint
    RP1352: 1/19/2009 12:52:39 PM - System Checkpoint
    RP1353: 1/21/2009 4:37:44 PM - System Checkpoint
    RP1354: 1/22/2009 5:05:53 PM - System Checkpoint
    RP1355: 1/23/2009 7:08:20 PM - System Checkpoint
    RP1356: 1/24/2009 8:15:23 PM - System Checkpoint
    RP1357: 1/27/2009 9:49:58 PM - System Checkpoint
    RP1358: 1/29/2009 10:00:31 PM - System Checkpoint
    RP1359: 2/1/2009 1:45:15 PM - System Checkpoint
    RP1360: 2/4/2009 4:21:00 PM - System Checkpoint
    RP1361: 2/6/2009 4:24:04 PM - System Checkpoint
    RP1362: 2/9/2009 12:24:50 PM - System Checkpoint
    RP1363: 2/10/2009 6:40:30 PM - System Checkpoint
    RP1364: 2/10/2009 9:44:22 PM - Installed Java(TM) 6 Update 11
    RP1365: 2/11/2009 11:06:50 PM - Software Distribution Service 3.0
    RP1366: 2/13/2009 6:06:59 PM - System Checkpoint

    ==== Installed Programs ======================


    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 6.0
    Adobe Shockwave Player
    Advertisement Service
    Agere Systems AC'97 Modem
    Anti-Spyware
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Deskbar
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    Apple Mobile Device Support
    Apple Software Update
    AT&T Internet Security Wizard 1.5.11
    AT&T Toolbar
    ATI Control Panel
    ATI Display Driver
    Authentium
    BellSouth Application Management
    BellSouth® Scan and Clean Tool
    Bonjour
    CCleaner
    Drivers Install For Linksys Easylink Advisor
    FastAccess® DSL Help Center 4.3
    Google Chrome
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    LimeWire 5.0.11
    Linksys EasyLink Advisor 1.6 (0032)
    Malwarebytes' Anti-Malware
    Memory Stick Formatter
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 7.0
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Music Visualizer Library 1.4.00
    Netscape (7.02)
    NVIDIA Windows 2000/XP Display Drivers
    OpenMG Limited Patch 3.2-03-02-21-08
    OpenMG Limited Patch 3.2-03-03-18-01
    OpenMG Limited Patch 3.2-03-04-14-02
    OpenMG Secure Module 3.2
    PCFriendly
    PictureGear Studio 2.0
    Pinnacle Instant DVD Recorder
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Revo Uninstaller 1.75
    Screensavers Installer
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shockwave
    ShopperReports
    SonicStage 1.6.00
    Sony Certificate PCH
    Sony on Yahoo! Essentials
    Sony Video Shared Library
    Spyware Doctor 6.0
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    VAIO BrightColor Wallpaper
    VAIO Help and Support
    VAIO Media 2.6
    VAIO Media Integrated Server 2.6
    VAIO Media Redistribution 2.6
    VAIO Registration
    VAIO Support
    VAIO Survey Standalone
    VAIO System Information
    Viewpoint Media Player
    WebFldrs XP
    WexTech AnswerWorks
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WordSearcher

    ==== Event Viewer Messages From Past Week ========

    6/2/2010 12:21:14 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll. Reference error message: The operation completed successfully. .
    6/2/2010 12:11:17 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
    6/2/2010 12:02:18 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    6/2/2010 12:02:18 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    6/2/2010 12:01:35 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastSvc.exe. Reference error message: The operation completed successfully. .
    6/2/2010 1:54:50 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    6/2/2010 1:40:47 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\aavm4h.dll. Reference error message: The operation completed successfully. .
    6/1/2010 2:34:34 PM, error: System Error [1003] - Error code 10000050, parameter1 bad0b148, parameter2 00000000, parameter3 8056d729, parameter4 00000000.
    6/1/2010 2:33:41 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
    6/1/2010 2:33:06 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
    6/1/2010 2:00:20 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
    6/1/2010 2:00:15 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10052401\aswCmnBS.dll. Reference error message: The operation completed successfully. .
    6/1/2010 2:00:15 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashBase.dll. Reference error message: The operation completed successfully. .
    6/1/2010 2:00:05 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10052401\aswScan.dll. Reference error message: The operation completed successfully. .
    6/1/2010 2:00:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/1/2010 11:58:36 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    6/1/2010 11:50:32 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\ALWILS~1\Avast5\1033\Base.dll. Reference error message: The operation completed successfully. .
    6/1/2010 11:41:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/1/2010 11:30:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/1/2010 11:25:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/1/2010 11:24:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi DMICall Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT pctfw2 RasAcd Rdbss Tcpip WS2IFSL
    6/1/2010 11:24:47 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    6/1/2010 11:24:47 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/1/2010 11:24:47 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/1/2010 11:24:47 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/1/2010 11:24:47 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/1/2010 11:24:47 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/1/2010 11:24:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/1/2010 1:55:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT pctfw2 RasAcd Rdbss Tcpip WS2IFSL

    ==== End Of File ===========================
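    The "Pseudo HJT Report" section of the log above is where the remaining infection shows: a Winlogon Shell value that is not plain Explorer.exe (it also launches a csrss.exe outside system32), a second Shell override to pc.exe, an unnamed BHO and Winlogon Notify package with the random-looking name cbXPiFwV.dll, a Winsock LSP loading ntdll64.dll from c:\windows\temp, a DisableTaskMgr policy and two attacker-added Trusted Zone sites. The script below is an added example, not part of the thread and not code from the DDS tool: it encodes those analyst checks as rules and runs them over a handful of lines copied from the posted log. The rule names, the list of system binaries with a fixed home directory, and the random-name heuristic are my own choices, not anything DDS defines.

```python
"""Rule-based triage of the persistence entries in a DDS log (added example)."""
import re
from dataclasses import dataclass

# Lines copied verbatim from the DDS log posted in this thread.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe c:\windows\config\csrss.exe
uWinlogon: Shell=c:\program files\privacy components\pc.exe
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXPiFwV.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\temp\ntdll64.dll
Trusted Zone: antimalwareguard.com
Notify: cbXPiFwV - cbXPiFwV.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXPiFwV.dll
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\temp\20.tmp --> c:\windows\temp\20.tmp [?]
"""

PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:dll|exe|sys|tmp)\b", re.IGNORECASE)
MODULE_RE = re.compile(r"[\w-]+\.(?:dll|exe|sys)\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
UNNAMED_BHO_RE = re.compile(r"^BHO:\s*\{[0-9a-f-]{36}\}\s*-\s*(.*)$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"^[umd]?winlogon:\s*(shell|userinit)=(.*)$", re.IGNORECASE)
POLICY_RE = re.compile(r"^[umd]policies-system:\s*(DisableTaskMgr|DisableRegistryTools)\s*=\s*1\b",
                       re.IGNORECASE)

# Binaries that legitimately live in exactly one directory (my list); a copy
# elsewhere, such as c:\windows\config\csrss.exe above, is a decoy name.
SYSTEM_HOMES = {
    "csrss.exe": "\\windows\\system32", "lsass.exe": "\\windows\\system32",
    "smss.exe": "\\windows\\system32", "svchost.exe": "\\windows\\system32",
    "winlogon.exe": "\\windows\\system32", "services.exe": "\\windows\\system32",
    "userinit.exe": "\\windows\\system32", "explorer.exe": "\\windows",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


def looks_random(stem):
    """Heuristic (mine, not a DDS rule): many upper/lower flips and almost no
    vowels, as in cbXPiFwV; igfxsrvc or ShoppingReport do not trigger it."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    vowels = sum(1 for c in letters if c.lower() in "aeiouy")
    return flips >= 4 and vowels / len(letters) < 0.25


def check_line(line):
    """Apply every rule to one DDS line and return the findings."""
    findings = []
    paths = list(dict.fromkeys(PATH_RE.findall(line)))  # de-duplicated, in order

    m = WINLOGON_RE.match(line)
    if m:  # Shell must be exactly Explorer.exe; Userinit must be system32\userinit.exe
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        ok = (value == "explorer.exe" if key == "shell"
              else value.rstrip(",").endswith("\\system32\\userinit.exe"))
        if not ok:
            findings.append(Finding("winlogon-hijack", f"{key}={value}", line))

    for p in paths:
        if TEMP_RE.search(p):  # nothing persistent should load from a temp directory
            findings.append(Finding("temp-dir-module", p, line))
        parent, _, name = p.lower().rpartition("\\")
        home = SYSTEM_HOMES.get(name)
        if home and not parent.endswith(home):
            findings.append(Finding("system-name-misplaced", p, line))

    m = POLICY_RE.match(line)
    if m:  # policies that lock the user out of Task Manager / regedit
        findings.append(Finding("lockdown-policy", m.group(1), line))

    if line.lower().startswith("trusted zone:"):  # every trusted site gets reviewed
        findings.append(Finding("trusted-zone", line.split(":", 1)[1].strip(), line))

    m = UNNAMED_BHO_RE.match(line)
    if m and m.group(1).strip().lower() != "no file":  # BHO with no display name
        findings.append(Finding("unnamed-bho", m.group(1).strip(), line))

    for mod in dict.fromkeys(MODULE_RE.findall(line)):
        if looks_random(mod.rsplit(".", 1)[0]):
            findings.append(Finding("random-name", mod, line))
    return findings


def triage(text):
    """Run the rules over every non-empty line; findings come back in log order."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            out.extend(check_line(line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

    Run against the sample, the benign lines (ctfmon.exe, the Java SSV helper, the Intel Notify package, the PC Tools LSP) produce nothing, while every entry listed in the lead-in is flagged. The random-name rule is deliberately conservative; a file such as iehost.dll with a plausible name passes it, so a clean result from these rules is not a clean verdict, only a shorter list to look at.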
     
  2. 2010/06/02
    Admin. (Administrator, Staff)
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/06/02
    EUnismo (Thread Starter)
    Thanks for the P2P tip! I really appreciate the help! :)
     
  5. 2010/06/02
    broni (Moderator, Malware Analyst)
    Any reason you ran DDS from Safe Mode?
     
  6. 2010/06/02
    EUnismo (Thread Starter)
    The computer I am having trouble with is not connected to the internet so I downloaded DDS onto a jump drive and the drive was "not ready" in regular mode.
     
  7. 2010/06/02
    broni (Moderator, Malware Analyst)

    Any particular reason it's not connected?
    Has it ever been connected before?

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/06/02
    EUnismo (Thread Starter)
  9. 2010/06/02
    broni (Moderator, Malware Analyst)
    Skip Malwarebytes, for now.
    Proceed with GMER and HJT.
     
  10. 2010/06/02
    broni (Moderator, Malware Analyst)
    You didn't answer my questions:
     
  11. 2010/06/02
    EUnismo

    EUnismo Inactive Thread Starter

    Joined:
    2010/06/02
    Messages:
    19
    Likes Received:
    0
    This computer was not used for a while (~1 year) and now I am trying to fix it and have not yet connected it to my network. Yes, it was previously connected via dial-up.
     
  12. 2010/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  13. 2010/06/02
    EUnismo

    EUnismo Inactive Thread Starter

    Joined:
    2010/06/02
    Messages:
    19
    Likes Received:
    0
    While scanning using GMER, I got a blue screen saying a problem was detected and it was caused by kgkorfod.sys, and the Technical Information is:
    *** STOP: 0x00000050 (0xE3B9F000,0x00000000,0xBAFE9C3E,0x00000001)

    *** kgkkorfod.sys - Address BAFE9C3E base at BAFE9000, DateStamp 4b274f8d

    Also, the physical memory was dumped
     
  14. 2010/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  15. 2010/06/03
    EUnismo

    EUnismo Inactive Thread Starter

    Joined:
    2010/06/02
    Messages:
    19
    Likes Received:
    0
    The GMER log is not from a complete scan, for the "Save" feature was not shown on the screen in safe mode and the resolution could not be changed. The log is from running in regular mode. If there is a way to change resolution in safe mode I can run a full scan.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-06-03 21:03:26
    Windows 5.1.2600 Service Pack 3
    Running: euz5wz0m.exe; Driver: C:\DOCUME~1\MR371A~1.HYA\LOCALS~1\Temp\kgkorfod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected
    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 19: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 20: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 21: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 24: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 25: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 26: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 27: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 30: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 31: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 35: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 36: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 38: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 40: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 41: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 44: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 46: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 47: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 48: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 50: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 51: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 52: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 55: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 56: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 58: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x950e4c1 size 0x1a8
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwClose [0xEC652B4C]
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwCreateSection [0xEC652DB7]
    Code 82BD1A48 ZwEnumerateKey
    Code 82BD1BC0 ZwFlushInstructionCache
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwSetInformationFile [0xEC652235]
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwWriteFile [0xEC651E81]
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) IoCreateFile
    Code EF142323 pIofCallDriver
    Code EF142EEB pIofCompleteRequest
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtClose
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtCreateSection
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtSetInformationFile
    Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtWriteFile

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:608] 8298333C
    Thread System [4:616] 8298576C
    Thread System [4:620] 8297E860
    Thread System [4:624] 8298368A
    Thread System [4:944] 8297E3C4
    Thread System [4:968] 8297E3C4
    Thread System [4:3964] 829B5CC0
    Thread System [4:3968] 829A2DC0
    Thread System [4:3972] 829D95A0
    Thread System [4:3976] 8298EE40

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\drivers\senekaolixuwpr.sys (*** hidden *** ) [SYSTEM] seneka <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:13:00 PM, on 6/3/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXPiFwV.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: WinSafe Class - {b6b571fb-b71d-449c-ad70-82e966328795} - C:\WINDOWS\iehost.dll
    O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
    O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/136c36f6b597577da420/netzip/RdxIE2.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132186887156
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zan...858ddc2e736e:e3eb4becbb5c1ba39dd084361d36488e
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab38514.cab
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: cbXPiFwV - C:\WINDOWS\SYSTEM32\cbXPiFwV.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11749 bytes
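    As an added example (not code from this thread, nor from GMER or HijackThis), here is a small Python triage pass over lines in the shape of the two logs posted above. It flags the entries an analyst would look at first: the MBR and hidden-service lines from GMER, and the F2 Shell=, O10 Winsock LSP, O15 Trusted Zone, O20 Winlogon Notify and unnamed-BHO lines from HijackThis. The rules are my own; the sample lines are constructed here, with values copied from the posted logs plus two benign entries.

```python
import re
from dataclasses import dataclass

# Constructed sample: a mix of GMER and HijackThis lines, some copied from the
# logs posted in this thread and two benign ones that must not be flagged.
SAMPLE_LOG = """\
Disk \\Device\\Harddisk0\\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected
Disk \\Device\\Harddisk0\\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x950e4c1 size 0x1a8
Service C:\\WINDOWS\\system32\\drivers\\senekaolixuwpr.sys (*** hidden *** ) [SYSTEM] seneka <-- ROOTKIT !!!
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\Config\\csrss.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\\WINDOWS\\system32\\cbXPiFwV.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\temp\\ntdll64.dll
O15 - Trusted Zone: *.antimalwareguard.com
O20 - Winlogon Notify: cbXPiFwV - C:\\WINDOWS\\SYSTEM32\\cbXPiFwV.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    rule: str      # short rule name, hypothetical naming used only here
    line: str


# HijackThis lines start with a section code such as "F2 - ..." or "O10 - ...".
HJT_PREFIX = re.compile(r"^(?P<sec>[FOR]\d+) - (?P<body>.*)$")


def _shell_has_extra_executable(body: str) -> bool:
    """The F2 Shell= value should be Explorer.exe and nothing else; anything
    appended to it (here a csrss.exe outside system32) is loaded at logon."""
    m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not m:
        return False
    parts = m.group(1).split()
    return len(parts) > 1 or parts[0].lower() != "explorer.exe"


def triage_line(line: str):
    """Return a Finding for one log line, or None when nothing stands out."""
    text = line.strip()
    low = text.lower()
    if not text:
        return None
    # GMER disk-sector and service output.
    if text.startswith("Disk ") and (
        "mbr rootkit code detected" in low or "malicious code @" in low
    ):
        return Finding("high", "gmer-mbr", text)
    if text.startswith("Service ") and "*** hidden ***" in low:
        return Finding("high", "gmer-hidden-service", text)
    # HijackThis output.
    m = HJT_PREFIX.match(text)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "F2" and _shell_has_extra_executable(body):
        return Finding("high", "hjt-shell-hijack", text)
    if sec == "O10" and re.search(r"\\temp\\", low):
        # A Winsock LSP living in a temp directory is never a vendor install.
        return Finding("high", "hjt-lsp-temp", text)
    if sec == "O15":
        # Trusted Zone additions lower IE security for the named domains.
        return Finding("medium", "hjt-trusted-zone", text)
    if sec == "O20":
        # Winlogon Notify / AppInit_DLLs load a DLL into every session.
        return Finding("medium", "hjt-winlogon-appinit", text)
    if sec == "O2" and "(no name)" in low and "(no file)" not in low:
        # A BHO with no name but a DLL on disk deserves a look.
        return Finding("medium", "hjt-unnamed-bho", text)
    return None


def triage(log: str):
    """Run triage_line over every line of a pasted log, keeping the hits."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
```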
     
  16. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2010/06/03
    EUnismo

    EUnismo Inactive Thread Starter

    Joined:
    2010/06/02
    Messages:
    19
    Likes Received:
    0
    I ran rKill and exeHelper and they worked fine, but when I ran Combofix it found files which I was instructed to write down, and then it restarted and now my computer will not go past PCI device listing...
     
  18. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What did you write down?
     
  19. 2010/06/03
    EUnismo

    EUnismo Inactive Thread Starter

    Joined:
    2010/06/02
    Messages:
    19
    Likes Received:
    0
    C:\WINDOWS\system32\senekavrjyswph.dll
    C:\WINDOWS\system32\senekabobqakya.dll
    C:\WINDOWS\system32\drivers\senekaolixuwpr.sys
    C:\WINDOWS\system32\senekavhopxeth.dll
    C:\WINDOWS\system32\senekatuirrskl.dat
    C:\WINDOWS\system32\senekabdurutra.dat
     
  20. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well. Thank you :)

    Try to restart computer one more time.
    If it doesn't work, try safe mode.
    If still no joy...


    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  21. 2010/06/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     