-
Need help removing virus
My laptop will not let me go to any Microsoft website. Also, I cannot download ANY anti-virus software; it always says there was an error. It also will not let me do any Windows updates. I'm not sure what to do at all. I can still go on regular websites without any issues, and it doesn't really run slow or anything either.
I was able to run the DDS without a problem:
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2010 12:29:49 PM
System Uptime: 3/25/2011 8:25:58 PM (1 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Celeron(R) M processor 1.50GHz | Socket 478 | 1496/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 38.058 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.222 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 1/7/2011 8:19:37 PM - Removed Adobe Reader 7.0
RP45: 1/7/2011 8:52:27 PM - Removed Microsoft Office Standard Edition 2003
RP46: 1/11/2011 1:50:55 PM - System Checkpoint
RP47: 1/14/2011 9:41:29 PM - Restore Operation
RP48: 1/15/2011 12:10:20 AM - Removed Ask Toolbar.
RP49: 1/15/2011 12:21:46 AM - Removed Microsoft Digital Image Starter Edition 2006 Editor
RP50: 1/15/2011 12:22:38 AM - Removed Microsoft Digital Image Starter Edition 2006 Library
RP51: 1/15/2011 12:24:26 AM - Removed Microsoft Works
RP52: 1/15/2011 12:26:48 AM - Removed MSXML 6.0 Parser (KB933579)
RP53: 1/15/2011 2:16:02 AM - Installed Safari
RP54: 1/19/2011 3:27:20 PM - System Checkpoint
RP55: 1/21/2011 5:48:48 PM - System Checkpoint
RP56: 1/22/2011 5:53:45 PM - System Checkpoint
RP57: 1/25/2011 3:29:41 PM - System Checkpoint
RP58: 1/31/2011 10:47:31 PM - System Checkpoint
RP59: 2/7/2011 12:34:14 PM - System Checkpoint
RP60: 2/8/2011 4:17:27 PM - System Checkpoint
RP61: 2/15/2011 9:30:51 PM - System Checkpoint
RP62: 2/23/2011 12:28:57 AM - System Checkpoint
RP63: 3/13/2011 6:22:23 PM - System Checkpoint
RP64: 3/17/2011 10:35:29 AM - Removed Apple Application Support
RP65: 3/17/2011 10:36:26 AM - Removed Safari
RP66: 3/24/2011 10:20:34 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Agere Systems AC'97 Modem
America Online (Choose which version to remove)
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
BlackBerry Desktop Software 4.7
Browser Address Error Redirector
CCleaner
ERUNT 1.1j
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
McAfee Security Scan Plus
Microsoft .NET Framework 2.0
Microsoft Office Standard Edition 2003
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite Gateway
Roxio Media Manager
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Softonic-Eng7 Toolbar
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB910437)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
.
==== Event Viewer Messages From Past Week ========
.
3/25/2011 8:27:05 PM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
3/25/2011 8:27:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
.
==== End Of File ===========================
-
Hi,
Please post dds.txt contents too.
-
Hi, thank you very much for responding; it's greatly appreciated.
Here is the dds.txt:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 10:54:01.84 on Sat 04/09/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190.41 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\pjv5o5v5.tmp\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200 Series
uStart Page = hxxp://google.ca/
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200 Series
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200 Series
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200 Series
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R2 Windows Hosts Controller;Windows Hosts Controller;c:\windows\fonts\unwise_.exe [2010-4-10 171795]
S2 fnejprp;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [2006-10-28 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-01-15 09:50:33 1409 ----a-w- c:\windows\QTFont.for
2010-04-10 18:00:14 171795 --sh--r- c:\windows\fonts\unwise_.exe
.
============= FINISH: 10:54:36.92 ===============
-
Hi again,
Download aswMBR to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.
On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
-
Hey,
The page tried to load, but failed to open because "safari find the server public.avast.com". This happens all too frequently; any site to help get rid of this bug will not load.
-
Hi,
If you have another system and a USB stick available, you can download the tool to it. First you have to protect the USB stick by running Panda USB and AutoRun Vaccine to make sure the infection doesn't spread to the other system.
-
Hi again! Sorry it has taken me some time to reply. I had to grab a USB stick and I just got it today. We ran the Panda software to be safe. The download from the USB stick to my computer had no issues. I then ran a scan and saved the log; here it is:
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-13 15:53:18
-----------------------------
15:53:18.828 OS Version: Windows 5.1.2600 Service Pack 2
15:53:18.828 Number of processors: 1 586 0xD08
15:53:18.828 ComputerName: YOUR-CB97154035 UserName: Owner
15:53:19.343 Initialize success
15:53:23.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:53:23.765 Disk 0 Vendor: FUJITSU_MHV2060AT_PL 000000A0 Size: 57231MB BusType: 3
15:53:25.781 Disk 0 MBR read successfully
15:53:25.781 Disk 0 MBR scan
15:53:27.828 Disk 0 scanning sectors +117194175
15:53:27.875 Disk 0 scanning C:\WINDOWS\system32\drivers
15:53:32.687 Service scanning
15:53:33.843 Disk 0 trace - called modules:
15:53:33.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
15:53:33.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812ad030]
15:53:33.875 3 CLASSPNP.SYS[fac8305b] -> nt!IofCallDriver -> \Device\00000093[0x81225f18]
15:53:33.875 5 ACPI.sys[fab79620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8124e2f8]
15:53:33.875 Scan finished successfully
Oh, also, I am now having issues getting onto the internet. Safari says there was a problem loading the page and it shuts down if I click 'send error report', or even if I click 'don't send'. If I put the notification box to the side I am still able to get on, though. Thank you again for your help.
-
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds logs.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
It worked perfectly; here are the logs.
ComboFix log:
ComboFix 11-04-13.06 - Owner 04/14/2011 11:25:33.1.1 - x86
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\Fonts\unwise_.exe
c:\windows\system32\ckczjk.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\srwsvc.sys
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDOWS_HOSTS_CONTROLLER
-------\Service_Windows Hosts Controller
-------\Legacy_fnejprp
-------\Legacy_srwsvc
-------\Service_fnejprp
-------\Service_srwsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 16:27 . 2011-04-14 16:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-04-11 05:56 . 2011-04-11 05:56 61440 -c--a-w- C:\patcher.exe
2011-03-26 04:05 . 2011-03-26 04:05 -------- d-----w- c:\program files\ERUNT
2011-03-19 07:20 . 2011-03-19 07:20 -------- d-----w- c:\windows\Sun
2011-03-17 17:27 . 2011-03-17 17:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Softonic-Eng7
2011-03-17 17:27 . 2011-03-17 17:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 09:50 . 2011-01-15 09:50 1409 ----a-w- c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-01 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-07-01 02:59 2515552 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-01 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-01 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-07 737370]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-04-10 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-19 21:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1270920978\EE\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-26 18:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1270920978\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9991:TCP"= 9991:TCP:PORT2
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"56193:TCP"= 56193:TCP:FD
"1919:TCP"= 1919:TCP:nuxzkov
"20775:TCP"= 20775:TCP:FD
"55117:TCP"= 55117:TCP:FD
"8059:TCP"= 8059:TCP:FD
"21151:TCP"= 21151:TCP:FD
"51274:TCP"= 51274:TCP:FD
"36995:TCP"= 36995:TCP:FD
"41132:TCP"= 41132:TCP:FD
"26101:TCP"= 26101:TCP:FD
"44886:TCP"= 44886:TCP:FD
"5406:TCP"= 5406:TCP:FD
"35937:TCP"= 35937:TCP:FD
"31474:TCP"= 31474:TCP:FD
"20562:TCP"= 20562:TCP:FD
"34033:TCP"= 34033:TCP:FD
"15982:TCP"= 15982:TCP:FD
"24523:TCP"= 24523:TCP:FD
"47999:TCP"= 47999:TCP:FD
"39240:TCP"= 39240:TCP:FD
"2721:TCP"= 2721:TCP:FD
"15117:TCP"= 15117:TCP:FD
"21714:TCP"= 21714:TCP:FD
"60373:TCP"= 60373:TCP:FD
"2514:TCP"= 2514:TCP:FD
"33959:TCP"= 33959:TCP:FD
"26707:TCP"= 26707:TCP:FD
"14061:TCP"= 14061:TCP:FD
"47508:TCP"= 47508:TCP:FD
"16986:TCP"= 16986:TCP:FD
"25690:TCP"= 25690:TCP:FD
"56400:TCP"= 56400:TCP:FD
"26177:TCP"= 26177:TCP:FD
"3934:TCP"= 3934:TCP:FD
"38291:TCP"= 38291:TCP:FD
"19659:TCP"= 19659:TCP:FD
"58623:TCP"= 58623:TCP:FD
"29175:TCP"= 29175:TCP:FD
"27495:TCP"= 27495:TCP:FD
"35544:TCP"= 35544:TCP:FD
"14346:TCP"= 14346:TCP:FD
"9052:TCP"= 9052:TCP:FD
"3378:TCP"= 3378:TCP:FD
"18376:TCP"= 18376:TCP:FD
"21903:TCP"= 21903:TCP:FD
"30549:TCP"= 30549:TCP:FD
"53632:TCP"= 53632:TCP:FD
"36116:TCP"= 36116:TCP:FD
"4811:TCP"= 4811:TCP:FD
"44546:TCP"= 44546:TCP:FD
"3661:TCP"= 3661:TCP:FD
"42063:TCP"= 42063:TCP:FD
"14194:TCP"= 14194:TCP:FD
"50488:TCP"= 50488:TCP:FD
"26557:TCP"= 26557:TCP:FD
"60602:TCP"= 60602:TCP:FD
"4567:TCP"= 4567:TCP:FD
"11253:TCP"= 11253:TCP:FD
"54664:TCP"= 54664:TCP:FD
"22846:TCP"= 22846:TCP:FD
"61261:TCP"= 61261:TCP:FD
"27385:TCP"= 27385:TCP:FD
"41817:TCP"= 41817:TCP:FD
"55141:TCP"= 55141:TCP:FD
.
S2 fnejprp;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [10/28/2006 11:10 PM 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fnejprp
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2010-04-10 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-10-29 19:00]
.
2010-04-10 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-10-29 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200 Series
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 12:05
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fnejprp]
"ServiceDll"="c:\windows\system32\ckczjk.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Completion time: 2011-04-14 12:08:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-14 18:08
.
Pre-Run: 40,550,871,040 bytes free
Post-Run: 40,774,492,160 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot
.
- - End Of File - - 2FDBCF7763BB9A8533EC1FC73F0F6FB5
DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 12:13:19.59 on Thu 04/14/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190.26 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\dwwin.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\mgqxahrf.tmp\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200 Series
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
S2 fnejprp;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [2006-10-28 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-04-14 17:09:20 -------- dcsha-r- C:\cmdcons
2011-04-14 16:56:54 98816 ----a-w- c:\windows\sed.exe
2011-04-14 16:56:54 89088 ----a-w- c:\windows\MBR.exe
2011-04-14 16:56:54 256512 ----a-w- c:\windows\PEV.exe
2011-04-14 16:56:54 161792 ----a-w- c:\windows\SWREG.exe
2011-04-14 16:27:51 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PackageAware
2011-04-11 05:56:18 61440 -c--a-w- C:\patcher.exe
.
==================== Find3M ====================
.
2011-01-15 09:50:33 1409 ----a-w- c:\windows\QTFont.for
.
============= FINISH: 12:13:58.12 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2010 12:29:49 PM
System Uptime: 4/14/2011 11:56:32 AM (1 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Celeron(R) M processor 1.50GHz | Socket 478 | 1496/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 37.984 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.222 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP47: 1/14/2011 9:41:29 PM - Restore Operation
RP48: 1/15/2011 12:10:20 AM - Removed Ask Toolbar.
RP49: 1/15/2011 12:21:46 AM - Removed Microsoft Digital Image Starter Edition 2006 Editor
RP50: 1/15/2011 12:22:38 AM - Removed Microsoft Digital Image Starter Edition 2006 Library
RP51: 1/15/2011 12:24:26 AM - Removed Microsoft Works
RP52: 1/15/2011 12:26:48 AM - Removed MSXML 6.0 Parser (KB933579)
RP53: 1/15/2011 2:16:02 AM - Installed Safari
RP54: 1/19/2011 3:27:20 PM - System Checkpoint
RP55: 1/21/2011 5:48:48 PM - System Checkpoint
RP56: 1/22/2011 5:53:45 PM - System Checkpoint
RP57: 1/25/2011 3:29:41 PM - System Checkpoint
RP58: 1/31/2011 10:47:31 PM - System Checkpoint
RP59: 2/7/2011 12:34:14 PM - System Checkpoint
RP60: 2/8/2011 4:17:27 PM - System Checkpoint
RP61: 2/15/2011 9:30:51 PM - System Checkpoint
RP62: 2/23/2011 12:28:57 AM - System Checkpoint
RP63: 3/13/2011 6:22:23 PM - System Checkpoint
RP64: 3/17/2011 10:35:29 AM - Removed Apple Application Support
RP65: 3/17/2011 10:36:26 AM - Removed Safari
RP66: 3/24/2011 10:20:34 AM - System Checkpoint
RP67: 4/5/2011 12:39:02 PM - System Checkpoint
RP68: 4/7/2011 11:31:15 AM - System Checkpoint
RP69: 4/9/2011 6:58:14 PM - System Checkpoint
RP70: 4/13/2011 4:37:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Agere Systems AC'97 Modem
America Online (Choose which version to remove)
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
BlackBerry Desktop Software 4.7
Browser Address Error Redirector
CCleaner
ERUNT 1.1j
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
McAfee Security Scan Plus
Microsoft .NET Framework 2.0
Microsoft Office Standard Edition 2003
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite Gateway
Roxio Media Manager
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Softonic-Eng7 Toolbar
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB910437)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
.
==== Event Viewer Messages From Past Week ========
.
4/14/2011 9:53:57 AM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
4/14/2011 9:53:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
4/14/2011 11:57:37 AM, error: Service Control Manager [7023] - The Windows Helper service terminated with the following error: The specified module could not be found.
4/14/2011 11:51:33 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SRWSVC\0000 disappeared from the system without first being prepared for removal.
4/14/2011 11:16:45 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/14/2011 11:05:30 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/14/2011 10:35:33 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
After not being able to get McAfee to work, ever, I followed your instructions to reactivate my antivirus, and it worked. It's asking me to update, but I'm not sure if I should or not, so I'll wait for your further instructions.
-
Hi,
Let's skip McAfee until system cleaning is fully finished.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
c:\windows\system32\ckczjk.dll
Driver::
fnejprp
NetSvc::
fnejprp
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9991:TCP"=-
"9999:TCP"=-
"1013:TCP"=-
"56193:TCP"=-
"1919:TCP"=-
"20775:TCP"=-
"55117:TCP"=-
"8059:TCP"=-
"21151:TCP"=-
"51274:TCP"=-
"36995:TCP"=-
"41132:TCP"=-
"26101:TCP"=-
"44886:TCP"=-
"5406:TCP"=-
"35937:TCP"=-
"31474:TCP"=-
"20562:TCP"=-
"34033:TCP"=-
"15982:TCP"=-
"24523:TCP"=-
"47999:TCP"=-
"39240:TCP"=-
"2721:TCP"=-
"15117:TCP"=-
"21714:TCP"=-
"60373:TCP"=-
"2514:TCP"=-
"33959:TCP"=-
"26707:TCP"=-
"14061:TCP"=-
"47508:TCP"=-
"16986:TCP"=-
"25690:TCP"=-
"56400:TCP"=-
"26177:TCP"=-
"3934:TCP"=-
"38291:TCP"=-
"19659:TCP"=-
"58623:TCP"=-
"29175:TCP"=-
"27495:TCP"=-
"35544:TCP"=-
"14346:TCP"=-
"9052:TCP"=-
"3378:TCP"=-
"18376:TCP"=-
"21903:TCP"=-
"30549:TCP"=-
"53632:TCP"=-
"36116:TCP"=-
"4811:TCP"=-
"44546:TCP"=-
"3661:TCP"=-
"42063:TCP"=-
"14194:TCP"=-
"50488:TCP"=-
"26557:TCP"=-
"60602:TCP"=-
"4567:TCP"=-
"11253:TCP"=-
"54664:TCP"=-
"22846:TCP"=-
"61261:TCP"=-
"27385:TCP"=-
"41817:TCP"=-
"55141:TCP"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
- Click the Download button to the right.
- Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
- Go here to run an online scanner from ESET. Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is not checkmarked.
- Click Scan
- Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
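The CFScript above removes dozens of firewall exceptions that the infection planted under the StandardProfile GloballyOpenPorts key. As an added example, not part of this thread and not ComboFix's own code, the following Python script shows how a responder can triage such a list on a new machine: it parses a .reg-style export of that key (the sample export below is constructed for illustration; the resource-string names follow the format XP SP2 uses for its own file-sharing and Remote Desktop entries), flags every enabled any-host exception that is neither a known system port nor named by a Windows resource string, and prints the matching ComboFix Registry:: lines for the flagged entries. The baseline port set and the "suspicious" rule are assumptions; a flagged entry is a candidate for manual review, since a legitimately installed program can also open a port this way.

```python
"""Triage Windows XP firewall GloballyOpenPorts exceptions from a .reg export.

Added example for defenders; not from the thread above or from ComboFix.
"""
import re
from dataclasses import dataclass

# Constructed sample of a .reg export of the StandardProfile open-ports key.
# The first three entries mimic XP's own file-sharing / Remote Desktop exceptions;
# the last three mimic malware-planted high ports open to every remote host.
SAMPLE_REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"9991:TCP"="9991:TCP:*:Enabled:a"
"56193:TCP"="56193:TCP:*:Enabled:a"
"47999:TCP"="47999:TCP:*:Enabled:a"
'''

# Assumed baseline: ports XP SP2 itself exposes for file/print sharing, RDP and UPnP.
KNOWN_SYSTEM_PORTS = {
    ("137", "UDP"), ("138", "UDP"), ("139", "TCP"), ("445", "TCP"),
    ("3389", "TCP"), ("1900", "UDP"), ("2869", "TCP"),
}

# One value line: "port:proto"="port:proto:scope:Enabled|Disabled:name"
LINE_RE = re.compile(r'^"(\d+):(TCP|UDP)"="([^"]*)"\s*$')


@dataclass
class PortException:
    port: int
    proto: str
    scope: str      # "*" means any remote host, "LocalSubNet" restricts to the LAN
    enabled: bool
    name: str       # display name; Windows' own entries use "@<dll>,-<id>" resource strings


def parse_open_ports(reg_text: str) -> list[PortException]:
    """Extract every GloballyOpenPorts value from the exported key text."""
    entries = []
    for raw in reg_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        port, proto, value = m.groups()
        fields = value.split(":", 4)
        if len(fields) < 5:
            continue  # malformed value; skip rather than guess
        entries.append(PortException(int(port), proto, fields[2],
                                     fields[3].lower() == "enabled", fields[4]))
    return entries


def is_suspicious(e: PortException) -> bool:
    """Assumed rule: enabled, open to any host, not a system port, not a Windows resource name."""
    if (str(e.port), e.proto) in KNOWN_SYSTEM_PORTS:
        return False
    return e.enabled and e.scope == "*" and not e.name.startswith("@")


def suspicious_ports(reg_text: str) -> list[PortException]:
    return [e for e in parse_open_ports(reg_text) if is_suspicious(e)]


def combofix_registry_section(entries: list[PortException]) -> str:
    """Render the flagged entries as a ComboFix Registry:: block ("=-" deletes the value)."""
    lines = ["Registry::",
             r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"]
    lines += [f'"{e.port}:{e.proto}"=-' for e in entries]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = suspicious_ports(SAMPLE_REG_EXPORT)
    for e in flagged:
        print(f"review: {e.port}/{e.proto} scope={e.scope} name={e.name!r}")
    print(combofix_registry_section(flagged))
```

On a live system the key can be exported with `reg export` from a command prompt and fed to `parse_open_ports`; the rule deliberately ignores the LocalSubNet-scoped sharing entries so that only exceptions reachable from the Internet surface for review.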