Problem with Total Security



GOTGFan
2009-09-02, 05:04
I have been unable to get a log as I can get HijackThis to run. I had problems a week or two ago with Windows Antivirus Pro, but now am having Total Security come up on my screen. It has even put a background on my computer.

Can you help remove or at least get me to over run this to get a log to try to fix my problem....

Thanks in advance.

I am not even able to do anything on CTRL+ALT+DELETE right now.

Was able to get a log started, but then this "Total Security thing" opened and it closed it out before log could finish running.

http://forums.spybot.info/showthread.php?p=331438#post331438

Blade81
2009-09-04, 19:06
Hi,

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

GOTGFan
2009-09-06, 17:19
Blade81:

I appreciate your assistance in advance with my problem.

I can not even get to a point where I can do that on my computer. I downloaded the dds.scr onto a jump drive to move from the computer I have in use to my infected computer, but can't even get it to a point where I can either open it or move the file to the desktop to begin that process without it locking up on me (can't use CTRL+ALT+DELETE) and the Total Security thing coming up eventually.

When I had a problem recently, I was able to move all but 2 files onto an external drive, so most of my files are off the computer if that makes anything easier to work with.

Blade81
2009-09-06, 17:27
Hi,

Try to rename dds to "sCVHost.exe" or "iexplore.exe" before moving the file from jump drive to system.

GOTGFan
2009-09-07, 02:51
I was able to start the "program" but it closed down moments later and the Total Security popped up again.

Please let me know of future guidance.

Thanks,

Blade81
2009-09-07, 09:03
Hi,

Sorry, I had a typo there. It was meant to be sVCHost.exe. Anyway, if that or named as iexplore.exe still doesn't work try renamed as winLOgon.exe. Make sure the file is already renamed before you transfer it to your system.

GOTGFan
2009-09-07, 19:08
I am unable to get any of the three to stay open long enough to get a log. They close as soon as the Total Security pops up.

Blade81
2009-09-07, 20:01
Hi,

Go to c:\documents and settings\all users\application data folder and see if there's any folder with digits only (ie. 38221941) as its name. If there is, drag it to your desktop. Then try to run one of those renamed tools.

GOTGFan
2009-09-07, 21:03
Was able to move a folder with all numbers (12019214) to the desktop, but still unable to get logs run using any of those items you sent me.

Blade81
2009-09-07, 22:56
Hi,

Download Process Explorer (http://live.sysinternals.com/procexp.exe) to your desktop. After that right click downloaded procexp.exe and select rename. Then name it as iexplore.exe. When done, launch renamed Process Explorer, find tsc.exe process, right click it and select kill option (or highlight the process and click red X in Process Explorer's toolbar) to kill the process. When done, try to run DDS.

GOTGFan
2009-09-08, 01:42
DDS (Ver_09-07-30.01) - FAT32x86
Run by XXXXXXXXX at 19:35:05.25 on Mon 09/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ukathletics.com/
mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Monopod] c:\windows\temp\b.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [POINTER] point32.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SAClient] "c:\program files\insight\bbclient\programs\RegCon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [12019214] c:\documents and settings\all users\application data\12019214\12019214.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\tm60wzgw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.insightbb.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-02 13:30 <DIR> --d----- c:\program files\Trend Micro
2009-09-01 21:46 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-01 21:39 224,772 a------- c:\windows\system32\msxml71.dll
2009-09-01 21:26 <DIR> --d----- c:\program files\Windows Police Pro
2009-09-01 21:26 25,088 a------- c:\windows\system32\tapi.nfo
2009-09-01 21:25 28,164 a------- c:\windows\system32\logon.exe
2009-08-24 15:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-24 15:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-23 15:00 <DIR> --d----- c:\docume~1\robert~1\applic~1\Malwarebytes
2009-08-23 15:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 15:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 15:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 15:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 23:21 <DIR> a-d----- c:\windows\system32\images
2009-08-14 03:02 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-10 11:42 3,248 a------- c:\windows\system32\wbem\Outlook_01ca19d127c5e882.mof

==================== Find3M ====================

2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:19 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 02:18 233,472 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 02:18 4,960,256 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 09:42 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:44 724,480 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:44 298,496 a------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:44 168,448 a------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:44 133,632 a------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:44 59,392 a------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:44 56,320 a------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 117,248 a------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 07:48 91,776 a------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 07:34 92,544 a------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:50 80,896 a------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 07:50 76,288 a------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:21 84,992 a------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:32 132,096 a------- c:\windows\system32\dllcache\wkssvc.dll

============= FINISH: 19:39:36.87 ===============
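The autostart entries in the "Pseudo HJT Report" above can be triaged mechanically. The following is an added example, not part of the original thread and not how DDS or the helper analysed the log: it parses `Winlogon` and `Run` lines in the DDS format and flags entries that deviate from a default Windows XP setup. The four rules and the expected `userinit.exe` path are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Monopod] c:\windows\temp\b.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [12019214] c:\documents and settings\all users\application data\12019214\12019214.exe
"""

# Assumption: default Windows XP install path for the one legitimate Userinit entry.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*(Shell|Userinit)=(.*)$", re.I)
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]*)\]\s*(.*)$", re.I)
# Digits-only folder directly under (All Users) Application Data.
DIGIT_DIR_RE = re.compile(r"\\(?:application data|applic~1)\\\d+\\", re.I)
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.I)


def check_line(line):
    """Return a list of (rule, detail) findings for one DDS log line."""
    line = line.strip()
    findings = []

    m = WINLOGON_RE.match(line)
    if m:
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "userinit":
            # Userinit is a comma-separated list; by default it holds one program.
            parts = [p.strip().lower() for p in value.split(",") if p.strip()]
            extra = [p for p in parts if p != EXPECTED_USERINIT]
            if extra:
                findings.append(("userinit-extra", ", ".join(extra)))
        elif value.lower() != "explorer.exe":
            # The default shell value is Explorer.exe with nothing appended.
            findings.append(("shell-modified", value))
        return findings

    m = RUN_RE.match(line)
    if m:
        hive, name, command = m.group(1), m.group(2), m.group(3).strip()
        detail = f"{hive}Run [{name}] {command}"
        if TEMP_DIR_RE.search(command):
            findings.append(("run-from-temp", detail))
        if DIGIT_DIR_RE.search(command):
            findings.append(("run-from-digit-folder", detail))
    return findings


def scan(log_text):
    """Scan a whole DDS log and return all findings in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(check_line(line))
    return findings


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

A hit means the entry deserves a closer look by whoever is reviewing the log; it is not a verdict on the file behind it.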

GOTGFan
2009-09-08, 01:44
DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2005 5:05:32 PM
System Uptime: 9/7/2009 7:29:25 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 74 GiB total, 51.447 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Microtek SimpleSCSI Miniport Drivers
Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Manufacturer: Company
Name: Microtek SimpleSCSI Miniport Drivers
PNP Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Service: SMPLSCSI

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ROOT\SMPLSCSI\0000
Manufacturer: Unknown Manufacturer
Name: SCSI/RAID Host Controller
PNP Device ID: ROOT\SMPLSCSI\0000
Service: SMPLSCSI

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7
Adobe SVG Viewer 3.0
AIM 6.0
Apple Software Update
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CutePDF Printer Setup
Desktop Alert
FirstAlert
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
hp LaserJet 1000
IncrediMail Xe
Insight Broadband QIC Service Activator
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft AntiSpyware
Microsoft IntelliPoint 4.1
Microsoft Office Professional Edition 2003
Microtek ScanSuite 1.12
Microtek ScanWizard for Windows NT V2.52
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
QuickTime
Savings Bond Wizard
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Police Pro
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086

==== Event Viewer Messages From Past Week ========

9/6/2009 8:51:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
9/6/2009 8:51:18 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2009 8:51:18 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/6/2009 11:16:20 AM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
9/1/2009 9:46:35 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/1/2009 9:46:30 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2009 9:46:30 PM, error: Service Control Manager [7034] - The Network Associates Task Manager service terminated unexpectedly. It has done this 1 time(s).
9/1/2009 9:46:30 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2009 9:46:30 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/1/2009 9:45:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SMPLSCSI
9/1/2009 9:44:16 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
9/1/2009 11:25:38 PM, error: System Error [1003] - Error code 100000d1, parameter1 e23da000, parameter2 00000002, parameter3 00000000, parameter4 eeae9225.
9/1/2009 11:00:33 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).
9/1/2009 10:56:17 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Blade81
2009-09-08, 07:09
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

GOTGFan
2009-09-08, 18:40
I have had it disconnected from the internet since we started this process actually.

I am thinking that reformatting it would be the best idea, but not sure if I have the resources or not to do this. What would I need?

Also, what are the best ways to avoid this happening? This computer is not mine, but a family member's, and I have repeatedly told them to be very careful with what they are doing on the computer, but they don't seem to understand that some sites can't be trusted. Any suggestions as to what to tell them to avoid such problems?

Thanks,

Blade81
2009-09-08, 18:50
Hi,


> I am thinking that reformatting it would be the best idea, but not sure if I have the resources or not to do this. What would I need?

This (http://spyware-free.us/tutorials/reformat/) is a good tutorial about prerequisites and reformat stages.


> Any suggestions as to what to tell them to avoid such problems?

So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279) topic by Tony Klein is good reading. I'm also quite sure that no one wants to reformat system all the time. Best way to avoid that is to be more careful :)

GOTGFan
2009-09-08, 19:12
I assume it would be near useless to reformat a computer that is nearly 8 years old and is rather slow to start with?

Blade81
2009-09-08, 21:11
Hi,

I believe part of slowness is cos the system has collected much stuff during these 8 years and also cos it's infected. Reformat would do good for it. It's not ready for museum yet :)

GOTGFan
2009-09-08, 23:35
Not sure I have the disks associated with this specific computer. I know I have some that go with my other computers (all laptops) I have had during that time, but don't believe any go with this system specifically.

If I don't have those, are there any other options?

Blade81
2009-09-09, 06:25
> If I don't have those, are there any other options?

We can always try cleaning if you want :)

GOTGFan
2009-09-13, 23:24
Struggling to decide what to do. I had been out of town the last couple of days, still trying to figure out what I should do.

Blade81
2009-09-14, 17:02
Ok. I'll give you a few days to think.

GOTGFan
2009-09-17, 04:47
Thanks for your assistance.

I have given up any hope of getting it fixed as the individual who owns it won't be patient. They keep trying other methods to get it fixed.

Looks like they are going to be getting a new machine as they have made it even worse now.

You provide a wonderful service, hope I never need it, but know where to come if I do personally.

Blade81
2009-09-17, 15:43
Ok. Thanks for the heads up :) I'll close this topic then.