
Thread: Infected Computer

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    Infected Computer

    I accidentally clicked a strange screen saver yesterday. Immediately my Spybot program (1.6.0.30) began requesting registry changes, which I denied. Now I am unable to run Spybot, and my Firefox browser re-directs me at certain times and downloads advertising, especially at spyware information sites. I un-installed and re-installed Spybot, but it still won't open. I downloaded and ran ERUNT successfully. I downloaded the HJT installer, but it will not start the installation. I am running McAfee VirusScan 7.0. My Windows XP firewall was not running. I have a 6 month old Dell desktop. Any suggestions?

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    Logs Posted

    If I posted these incorrectly, please advise. Here are the logs:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/30/2008 3:38:02 PM
    System Uptime: 3/17/2009 6:39:13 AM (3 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 272.981 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 402.434 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82562V-2 10/100 Network Connection
    Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82562V-2 10/100 Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02\3&2411E6FE&0&C8
    Service: e1express

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9
    Apple Software Update
    AutoUpdate
    Browser Address Error Redirector
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    ERUNT 1.1j
    GoToAssist 8.0.0.514
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Java(TM) 6 Update 11
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Lexmark 1200 Series
    Lexmark 510 Series
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Works
    Mobile Broadband Drivers
    Modem Diagnostic Tool
    Mozilla Firefox (2.0.0.17)
    Mozilla Firefox (3.0.6)
    Mozilla Thunderbird (2.0.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    NetWaiting
    Photo Explosion Special Edition
    PowerDVD
    Propel Accelerator
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Seagate Manager Installer
    SearchAssist
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Spybot - Search & Destroy
    TaxACT 2008
    Turbo Lister 2
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VZAccess Manager
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    3/14/2009 2:32:09 PM, error: Print [19] - Sharing printer failed + 1722, Printer Lexmark 510 Series share name Printer.
    3/16/2009 8:06:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/16/2009 8:07:22 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    3/16/2009 8:07:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

    ==== End Of File ===========================

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Otherwise fine, but you posted attach.txt twice while leaving dds.txt off your post. Please post dds.txt too.

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    DDS Log

    I apologize for the error and thank you for your time. Here is the DDS log:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Courtney at 9:07:43.54 on Tue 03/17/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1294 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Propel Accelerator\PropelAC.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
    E:\Agent\agent.exe
    E:\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\CRM\A3\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2080922
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=localhost:8080
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\propel~1\PRPL_I~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
    mRun: [Propel Accelerator] "c:\program files\propel accelerator\trayctl.exe" /STARTUPLAUNCH
    mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=120608 serial=WA12WRX-0000002-HMD lang=EN
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe"
    mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    StartupFolder: c:\docume~1\courtney\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Refresh Pa&ge with Full Quality - c:\program files\propel accelerator\pac-page.html
    IE: Refresh Pi&cture with Full Quality - c:\program files\propel accelerator\pac-image.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\program files\propel accelerator\prplsf.dll
    DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    TCP: {73674A58-D3DC-4B73-8B73-E0B6D3758B82} = 66.174.92.14 69.78.96.14
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\courtney\applic~1\mozilla\firefox\profiles\l0g4iauw.default\
    FF - prefs.js: browser.search.selectedEngine - Amazon.com
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

    ============= SERVICES / DRIVERS ===============

    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-10-9 106586]
    R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2003-3-6 233595]
    R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-3-6 127050]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-3-6 84448]
    S2 0007511223519928mcinstcleanup;McAfee Application Installer Cleanup (0007511223519928);c:\docume~1\courtney\locals~1\temp\000751~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\courtney\locals~1\temp\000751~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

    =============== Created Last 30 ================

    2009-03-17 06:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-03-16 15:35 <DIR> --d----- C:\!KillBox
    2009-03-16 15:26 <DIR> --d----- C:\VundoFix Backups
    2009-03-16 13:25 200 a------- c:\windows\WININIT.INI
    2009-03-16 11:28 4,044 a------- c:\windows\system32\tmp.reg
    2009-03-16 07:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
    2009-03-03 15:05 57 a------- c:\windows\TaxACT08.ini
    2009-03-03 15:05 <DIR> --d----- c:\program files\2nd Story Software
    2009-02-28 11:09 47 a------- c:\windows\Taxact07.ini
    2009-02-26 13:17 <DIR> --d----- c:\program files\common files\xing shared

    ==================== Find3M ====================

    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
    2009-01-15 07:55 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-19 02:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 02:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-18 22:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
    2008-12-18 22:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2008-10-02 15:52 60 a------- c:\docume~1\courtney\applic~1\wklnhst.dat

    ============= FINISH: 9:09:09.51 ===============

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Uninstall these vulnerable Javas:
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7


    Uninstall also Mozilla Firefox (2.0.0.17) since it's not supported anymore and contains vulnerabilities.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  7. #7
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    ComboFix Will Not Run

    Thank you. I followed instructions and successfully loaded the Recovery Console. I uninstalled the Java programs and Mozilla 2.0. I downloaded ComboFix.exe to my desktop, and it will not run. An hourglass appears and nothing happens. Also, I re-started my computer and it froze 3 times while starting before I was able to start it using a selection on the F12 key menu. I'm reluctant to turn it off again. Meanwhile, my Thunderbird e-mail program sent 500 phony e-mails last night. I un-installed it, and my Mozilla 5.0 browser is using Google to send me to various sites. Spybot is still not working. I'd appreciate any advice.

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Rename ComboFix.exe file -> CombFxx.exe and try running it again.

  9. #9
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    Rename File

    Thank you, but unfortunately that didn't work. Please let me know any other suggestions short of formatting my hard disk.

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Try once more with this set of instructions.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------

    Double click on Combo-Fix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a dds log so we can continue cleaning the system.


    Note:
    Do not mouse-click ComboFix's window while it's running; that may cause it to stall.
