[Inactive] Windows Update & IE not working...

Discussion in 'Malware and Virus Removal Archive' started by scout321x, 2009/12/18.

  1. 2009/12/18
    scout321x Contributing Member


    Here is a link to the background info as to what has happened up to running DDS: Click Here

    Here are the results of running DDS:

    DDS.txt:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Doug at 15:00:09.53 on Fri 12/18/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1373 [GMT -5:00]

    AV: avast! antivirus 4.8.1368 [VPS 091217-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    I disabled COMODO only while DDS was running

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\FSP\fspuip.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\System Control Manager\MSIService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Documents and Settings\Doug\Desktop\dds.scr
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uWindow Title = Microsoft Internet Explorer
    BHO: AutorunsDisabled - No File
    BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [fspuip] "c:\program files\fsp\fspuip.exe"
    mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\docume~1\doug\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\doug\startm~1\programs\startup\autoru~1\windfan.lnk - c:\program files\windfan\WindFan.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
    uPolicies-explorer: NoSMMyDocs = 01000000
    uPolicies-explorer: NoSMMyPictures = 01000000
    IE: Download with GetRight - c:\program files\getright\GRdownload.htm
    IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: windowsupdate.com\download
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\doug\applic~1\mozilla\firefox\profiles\l4dq4qdl.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPGetRt.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-23 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-23 59664]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-1 114768]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-5 133064]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-5 25160]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-1 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-1 138680]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-5 723632]
    R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-9-17 159744]
    R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-1 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-1 352920]
    R3 fspad_xp32;Finger-sensing Pad Driver for Windows 2000/XP/Vista_xp32;c:\windows\system32\drivers\fspad_xp32.sys [2009-2-3 32896]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-23 158720]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-23 33552]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
    S4 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
    S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]

    =============== Created Last 30 ================

    2009-12-17 02:50:20 0 dc-h--w- c:\windows\ie8
    2009-12-11 14:24:12 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2009-12-05 15:44:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
    2009-12-05 15:44:14 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2009-12-05 15:44:14 171552 ----a-w- c:\windows\system32\guard32.dll
    2009-12-05 15:44:14 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2009-11-23 19:27:47 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2009-11-23 19:27:41 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2009-11-23 19:27:34 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2009-11-20 21:51:30 0 d-----w- C:\cabs

    ==================== Find3M ====================

    2009-12-15 19:18:34 32256 ----a-w- c:\windows\system32\wupdmgr.exe
    2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-06 15:55:56 177024 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2009-11-04 04:04:32 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-08 19:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2009-10-08 19:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 19:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

    ============= FINISH: 15:05:41.40 ===============

    Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/23/2009 1:26:10 PM
    System Uptime: 12/18/2009 2:35:50 PM (1 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | U-100
    Processor: Intel(R) Atom(TM) CPU N280 @ 1.66GHz | CPU 1 | 1666/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 60.433 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 67.325 GiB free.
    E: is FIXED (NTFS) - 74 GiB total, 57.628 GiB free.
    F: is FIXED (NTFS) - 74 GiB total, 60.89 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe FE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_100A1462&REV_02\4&335E5CC8&0&00E0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe FE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_100A1462&REV_02\4&335E5CC8&0&00E0
    Service: RTLE8023xp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Bluetooth Personal Area Network
    Device ID: BLUETOOTH\0004&0007\0000
    Manufacturer: Toshiba
    Name: Bluetooth Personal Area Network
    PNP Device ID: BLUETOOTH\0004&0007\0000
    Service: tosrfnds

    ==== System Restore Points ===================

    RP8: 10/13/2009 11:37:54 PM - System Checkpoint
    RP9: 10/15/2009 9:18:24 AM - Software Distribution Service 3.0
    RP10: 10/17/2009 10:14:50 AM - Software Distribution Service 3.0
    RP11: 10/20/2009 10:19:20 AM - Software Distribution Service 3.0
    RP12: 10/22/2009 7:36:03 PM - Software Distribution Service 3.0
    RP13: 10/26/2009 10:38:58 PM - Software Distribution Service 3.0
    RP14: 10/29/2009 11:26:39 AM - Software Distribution Service 3.0
    RP15: 11/1/2009 6:50:50 PM - System Checkpoint
    RP16: 11/1/2009 10:52:14 PM - Installed XPS Essentials Pack
    RP17: 11/1/2009 11:06:59 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP18: 11/1/2009 11:11:57 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP19: 11/3/2009 2:44:03 PM - Software Distribution Service 3.0
    RP20: 11/4/2009 12:04:03 AM - Removed Java(TM) 6 Update 16
    RP21: 11/4/2009 12:04:25 AM - Installed Java(TM) 6 Update 17
    RP22: 11/8/2009 1:14:50 PM - Software Distribution Service 3.0
    RP23: 11/9/2009 10:25:42 PM - Software Distribution Service 3.0
    RP24: 11/11/2009 2:29:49 PM - Software Distribution Service 3.0
    RP25: 11/13/2009 1:14:24 PM - Software Distribution Service 3.0
    RP26: 11/16/2009 1:32:26 PM - Software Distribution Service 3.0
    RP27: 11/20/2009 3:29:20 PM - Software Distribution Service 3.0
    RP28: 11/22/2009 7:55:00 PM - System Checkpoint
    RP29: 11/24/2009 2:44:18 PM - Software Distribution Service 3.0
    RP30: 11/24/2009 3:05:41 PM - Software Distribution Service 3.0
    RP31: 11/25/2009 5:25:14 PM - System Checkpoint
    RP32: 11/28/2009 2:10:41 PM - Software Distribution Service 3.0
    RP33: 11/28/2009 2:12:28 PM - Software Distribution Service 3.0
    RP34: 12/1/2009 10:17:36 AM - Software Distribution Service 3.0
    RP35: 12/3/2009 3:40:16 PM - Software Distribution Service 3.0
    RP36: 12/7/2009 1:11:14 PM - Software Distribution Service 3.0
    RP37: 12/11/2009 9:24:33 AM - Software Distribution Service 3.0
    RP38: 12/16/2009 1:58:32 PM - Software Distribution Service 3.0
    RP39: 12/16/2009 2:20:57 PM - Installed Windows Internet Explorer 8.
    RP40: 12/16/2009 2:22:25 PM - Software Distribution Service 3.0
    RP41: 12/16/2009 2:39:21 PM - Software Distribution Service 3.0
    RP42: 12/16/2009 7:17:42 PM - Revo Uninstaller's restore point - Windows Internet Explorer 8
    RP43: 12/16/2009 9:33:09 PM - Software Distribution Service 3.0
    RP44: 12/16/2009 10:42:25 PM - Software Distribution Service 3.0
    RP45: 12/17/2009 11:39:26 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acronis*True*Image*Home
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Atheros Client Installation Program
    avast! Antivirus
    Belarc Advisor 7.2
    Bluetooth Stack for Windows by Toshiba
    CameraRecoder
    CCleaner (remove only)
    Choice Guard
    COMODO Internet Security
    Critical Update for Windows Media Player 11 (KB959772)
    Data Lifeguard Diagnostic for Windows
    ERUNT 1.1j
    Finger-sensing Pad Driver
    Foxit PDF IFilter
    Foxit Reader
    GetRight
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB971276-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP USB Disk Storage Format Tool
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    Java(TM) 6 Update 17
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.5.5)
    Mozilla Thunderbird (2.0.0.23)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    neroxml
    Numus Disk Builder and Burner 2.2.7
    OpenOffice.org 3.1
    Programmer's Notepad 2
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Secunia PSI
    SecurDisc Viewer
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Send To Toys v2.5
    Sonic CinePlayer DVD Pack
    SUPERAntiSpyware Free Edition
    System Control Manager
    ThreatFire
    Tweak UI
    Tweaking Toolbox XP 2
    U.S. Robotics V.92 USB Modem
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    User Profile Hive Cleanup Service
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows XP Service Pack 3
    XPS Essentials Pack
    XPS Essentials Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    12/16/2009 9:48:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/16/2009 9:48:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    12/16/2009 9:46:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP BANTExt cmdGuard Fips intelppm SASDIFSV TfFsMon TfSysMon Tosrfcom
    12/16/2009 9:45:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/15/2009 2:28:50 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================

    Any help will be greatly appreciated!!
     
  2. 2009/12/18
    broni Moderator Malware Analyst

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2009/12/19
    scout321x Contributing Member

    broni,

    I ran both SUPERAntiSpyware and Anti-Malware. Both were up-to-date when I ran them. However, I will do it again per your instructions plus the other steps. It will take a while before I can update mbam though. It always fails when I try to update it on my slow (24KB) dial up connection. I'll have to wait until I can get to the library again to use their high speed wifi.

    We had 16 inches of snow fall so far starting last evening and it isn't expected to stop until some time Sunday morning. Then it will take a couple of days before my rural road is plowed. Meantime I will plow out my 900 foot driveway when the snow quits. Did I mention I live in the middle of nowhere? So please be patient with my response.
     
    Last edited: 2009/12/19
  5. 2009/12/19
    broni Moderator Malware Analyst

    No problem. Get that snow out, first...LOL
     
  6. 2010/01/12
    scout321x Contributing Member

    However it happened, this function has started working again. I tried it this morning and it worked. No idea what "solved" the problem.

    Edit: I would mark this thread as "Resolved" but the thread tools are not giving me the option.
     
    Last edited: 2010/01/12
  7. 2010/01/12
    broni Moderator Malware Analyst

    That was probably some award for getting the snow out :)
     
