Time for house cleaning instructions and help.

Hello, it's been a long time since I was last here. (You last visited: 09-07-16 at 09:32) :oops: "I'm Back". Anyhow, I have maybe three computers that most likely have some related issues, and some USB flash devices that get moved around a good bit. This one has software which I purchased in maybe 2003; it came along as part of the package deal from Dell. It will take me a while to dig up the key codes from the CD boxes to find them.

This PC started to run slow and hang up, then everything would just freeze up: Task Manager would not open, Internet Explorer would close, and none of the virus tools would run or update. I was also getting a regular message that my virtual memory was maxed out.

My son copied my files to a card, then dumped the system and started to re-install everything. Internet Explorer won't download, and I can't get into safe mode now at all. I tried to download a couple of other virus tools you mention online here, but they fail to download or crash after they start.

My son partitioned off the drive into two areas: one for my old information that he copied, another for trying to install everything new into.

I think the recovery console also is gone.

Malwarebytes kept finding and fixing the same five registry key issues. Spybot found and fixed a couple of items after we updated it. We share a common router which is wired for two PCs and have a laptop which uses the WiFi.

Thanks in advance.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Me at 1:01:11.67 on Sun 05/15/2011
Internet Explorer: 6.0.2900.2180
.
============== Running Processes ===============
.
C:\Documents and Settings\Me.TIM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:egyptainhollandiatissueculture@msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows2\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\me.tim\applic~1\mozilla\firefox\profiles\6tv5e5pb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R? BCM42XX;Broadcom iLine10(tm) Network Adapter Driver
S? abp470n5;abp470n5
S? cmdAgent;COMODO Internet Security Helper Service
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
.
=============== Created Last 30 ================
.
2011-05-14 22:00:50 -------- d--h--w- C:\VritualRoot
2011-05-14 22:00:50 -------- d-----w- c:\documents and settings\me.tim\..
2011-05-14 22:00:50 -------- d-----w- c:\documents and settings\me.tim\.
2011-05-14 22:00:50 -------- d-----w- C:\Documents and Settings
2011-05-14 19:49:10 -------- d-----w- c:\docume~1\me.tim\applic~1\WinPatrol
2011-05-13 22:10:51 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Identities
2011-05-13 10:39:56 -------- d-----w- c:\windows2\system32\CatRoot_bak
2011-05-13 00:03:00 -------- d-----w- c:\windows2\system32\KB905474
2011-05-11 20:20:34 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Google
2011-05-11 11:44:17 -------- d-----r- C:\MS Office 2007 ENG
2011-05-11 09:43:49 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2011-05-11 09:42:28 153088 -c----w- c:\windows2\system32\dllcache\triedit.dll
2011-05-11 09:42:14 3555328 -c----w- c:\windows2\system32\dllcache\moviemk.exe
2011-05-11 09:40:55 743936 -c----w- c:\windows2\system32\dllcache\helpsvc.exe
2011-05-11 09:33:16 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2011-05-11 09:32:40 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2011-05-11 09:29:25 352640 -c----w- c:\windows2\system32\dllcache\srv.sys
2011-05-11 09:28:32 90112 ----a-w- c:\windows2\unvise32.exe
2011-05-11 09:26:57 454016 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2011-05-11 09:26:38 470528 -c----w- c:\windows2\system32\dllcache\aclayers.dll
2011-05-11 09:09:11 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2011-05-11 09:00:31 332800 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2011-05-11 09:00:01 -------- d-----w- c:\windows2\system32\PreInstall
2011-05-11 08:59:40 -------- d--h--w- c:\windows2\$hf_mig$
2011-05-11 08:57:39 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2011-05-11 08:56:11 85504 -c----w- c:\windows2\system32\dllcache\cabview.dll
2011-05-11 08:56:04 177664 -c----w- c:\windows2\system32\dllcache\wintrust.dll
2011-05-11 06:58:04 -------- d-----w- c:\windows2\system32\SoftwareDistribution
2011-05-11 06:53:27 -------- d-----w- c:\windows2\pss
2011-05-11 06:49:43 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2011-05-11 06:49:40 -------- d-----w- c:\program files\Security Task Manager
2011-05-10 20:07:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-05-10 18:59:19 -------- d-----w- c:\windows2\system32\wbem\AutoRecover
2011-05-10 18:45:59 95424 ------w- c:\windows2\system32\drivers\slnthal.sys
2011-05-10 18:39:43 -------- d-----w- c:\windows2\ServicePackFiles
2011-05-10 18:32:47 19528 ----a-w- c:\windows2\002233_.tmp
2011-05-10 18:32:44 -------- d-----w- c:\windows2\system32\ReinstallBackups
2011-05-10 18:32:24 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2011-05-10 18:28:44 -------- d-----w- c:\windows2\EHome
2011-05-10 18:22:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Comodo
2011-05-10 18:13:27 -------- d-----w- c:\docume~1\me.tim\applic~1\Malwarebytes
2011-05-10 18:13:21 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2011-05-10 18:13:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-05-10 18:13:14 19288 ----a-w- c:\windows2\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-05-02 17:36:04 284744 ----a-w- c:\windows2\system32\guard32.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows2\system32\GPhotos.scr
2011-04-05 05:07:12 3539857 ----a-w- C:\pci_filerecovery.exe
2011-04-05 04:58:17 39950910 ----a-w- C:\C__Users_Administrator_Desktop_PWOSetup173.exe
.
============= FINISH: 1:03:50.54 ===============




.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
COMODO Internet Security
E[POD]bot
ERUNT 1.1j
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Malwarebytes' Anti-Malware
Microsoft Office FrontPage 2003
Mozilla Firefox 4.0.1 (x86 en-US)
Picasa 3
Security Task Manager 1.8c
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SoftPerfect Bandwidth Manager Lite 2.9.10
SoundMAX
Spybot - Search & Destroy
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
.
==== End Of File ===========================

This is from the tenth of this month.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

5/10/2011 9:25:47 PM
mbam-log-2011-05-10 (21-25-47).txt

Scan type: Quick scan
Objects scanned: 211263
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This one is from the 13th.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6566

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/13/2011 10:23:49 AM
mbam-log-2011-05-13 (10-23-49).txt

Scan type: Quick scan
Objects scanned: 237751
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is from a few minutes ago.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6579

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/15/2011 2:35:46 AM
mbam-log-2011-05-15 (02-35-46).txt

Scan type: Quick scan
Objects scanned: 238403
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Hi, thanks for the help.

ComboFix downloaded, ran, and indicated it installed the recovery console, then said it would perform a scan, which ran for maybe ten minutes, and the computer restarted. I logged in and it had reloaded and launched all the security tools when it restarted. I shut down the programs as ComboFix was trying to scan my system again, but it just closed after a couple of minutes.

I looked for a log file for ComboFix but I don't see one.

Should I try to run it again?


DDS (Ver_11-03-05.01) - NTFSx86
Run by Me at 18:45:45.32 on Thu 05/19/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.246 [GMT 3:00]
.
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS2\system32\svchost.exe -k DcomLaunch
C:\WINDOWS2\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS2\system32\svchost.exe -k netsvcs
C:\WINDOWS2\System32\svchost.exe -k NetworkService
C:\WINDOWS2\system32\svchost.exe -k LocalService
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\System32\svchost.exe -k LocalService
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
C:\WINDOWS2\system32\wuauclt.exe
C:\Documents and Settings\Me.TIM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:egyptainhollandiatissueculture@msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\me.tim\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows2\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\me.tim\applic~1\mozilla\firefox\profiles\6tv5e5pb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [2011-5-2 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [2011-5-2 29400]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1779792]
R3 abp470n5;abp470n5;\??\c:\windows2\system32\drivers\gelnlo.sys --> c:\windows2\system32\drivers\gelnlo.sys [?]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows2\system32\drivers\bcm42xx5.sys [2011-5-10 54271]
.
=============== Created Last 30 ================
.
2011-05-19 15:19:54 -------- d-sha-r- C:\cmdcons
2011-05-19 15:13:38 98816 ----a-w- c:\windows2\sed.exe
2011-05-19 15:13:38 89088 ----a-w- c:\windows2\MBR.exe
2011-05-19 15:13:38 256512 ----a-w- c:\windows2\PEV.exe
2011-05-19 15:13:38 161792 ----a-w- c:\windows2\SWREG.exe
2011-05-19 15:13:11 -------- d-s---w- C:\ComboFix
2011-05-19 02:21:08 274288 ----a-w- c:\windows2\system32\mucltui.dll
2011-05-19 02:21:08 215920 ----a-w- c:\windows2\system32\muweb.dll
2011-05-19 02:21:08 16736 ----a-w- c:\windows2\system32\mucltui.dll.mui
2011-05-18 19:59:52 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\AskToolbar
2011-05-18 14:59:18 -------- d-----w- c:\windows2\system32\LogFiles
2011-05-16 18:13:24 -------- d-----w- c:\docume~1\me.tim\applic~1\Foxit Software
2011-05-16 18:12:47 -------- d-----w- c:\program files\Ask.com
2011-05-16 18:12:10 -------- d-----w- c:\program files\Foxit Software
2011-05-14 22:00:50 -------- d--h--w- C:\VritualRoot
2011-05-14 19:49:10 -------- d-----w- c:\docume~1\me.tim\applic~1\WinPatrol
2011-05-13 22:10:51 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Identities
2011-05-13 10:39:56 -------- d-----w- c:\windows2\system32\CatRoot_bak
2011-05-13 00:03:00 -------- d-----w- c:\windows2\system32\KB905474
2011-05-11 20:20:34 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Google
2011-05-11 11:44:17 -------- d-----r- C:\MS Office 2007 ENG
2011-05-11 09:43:49 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2011-05-11 09:42:28 153088 -c----w- c:\windows2\system32\dllcache\triedit.dll
2011-05-11 09:40:55 743936 -c----w- c:\windows2\system32\dllcache\helpsvc.exe
2011-05-11 09:33:16 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2011-05-11 09:32:40 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2011-05-11 09:29:25 352640 -c----w- c:\windows2\system32\dllcache\srv.sys
2011-05-11 09:28:32 90112 ----a-w- c:\windows2\unvise32.exe
2011-05-11 09:26:57 454016 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2011-05-11 09:26:38 470528 -c----w- c:\windows2\system32\dllcache\aclayers.dll
2011-05-11 09:09:11 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2011-05-11 09:00:31 332800 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2011-05-11 09:00:01 -------- d-----w- c:\windows2\system32\PreInstall
2011-05-11 08:59:40 -------- d--h--w- c:\windows2\$hf_mig$
2011-05-11 08:56:11 85504 -c----w- c:\windows2\system32\dllcache\cabview.dll
2011-05-11 08:56:04 177664 -c----w- c:\windows2\system32\dllcache\wintrust.dll
2011-05-11 06:58:04 -------- d-----w- c:\windows2\system32\SoftwareDistribution
2011-05-11 06:53:27 -------- d-----w- c:\windows2\pss
2011-05-11 06:49:43 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2011-05-11 06:49:40 -------- d-----w- c:\program files\Security Task Manager
2011-05-10 20:07:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-05-10 18:59:19 -------- d-----w- c:\windows2\system32\wbem\AutoRecover
2011-05-10 18:45:59 95424 ------w- c:\windows2\system32\drivers\slnthal.sys
2011-05-10 18:39:43 -------- d-----w- c:\windows2\ServicePackFiles
2011-05-10 18:32:47 19528 ----a-w- c:\windows2\002233_.tmp
2011-05-10 18:32:44 -------- d-----w- c:\windows2\system32\ReinstallBackups
2011-05-10 18:32:24 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2011-05-10 18:28:44 -------- d-----w- c:\windows2\EHome
2011-05-10 18:22:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Comodo
2011-05-10 18:13:27 -------- d-----w- c:\docume~1\me.tim\applic~1\Malwarebytes
2011-05-10 18:13:21 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2011-05-10 18:13:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-05-10 18:13:14 19288 ----a-w- c:\windows2\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-05-02 17:36:04 284744 ----a-w- c:\windows2\system32\guard32.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows2\system32\GPhotos.scr
2011-04-05 05:07:12 3539857 ----a-w- C:\pci_filerecovery.exe
2011-04-05 04:58:17 39950910 ----a-w- C:\C__Users_Administrator_Desktop_PWOSetup173.exe
.
============= FINISH: 18:47:50.56 ===============
 
Hi,

Yes, run ComboFix again after disabling protection first.
 
OK, it did run for a while and found a rootkit infection and asked to reboot to fix it, and then the computer restarted quickly and the audio sounded good.

But for the life of me I can't find any log file for ComboFix.

I'm on the other computer because a message popped up saying I was in selective startup mode and need to go into normal start. I clicked OK; it restarted again but gave me only a blue screen at logon.
 
It's back in selective startup mode now; it opened and let me log on.

But it gave me a pop-up saying ComboFix is corrupt.

Should I download it again after deleting this one, then try to run it again?
 
ComboFix has not managed to make any logs prior to crashing and claiming that it's corrupt, but it did give me a message telling me something about a possible "virut" infection, which may be causing the problem, if memory serves.
 
Wow, had to try and download ComboFix five or six times to get one which was not corrupted. It started and ran; it again found some rootkit issue and asked to reboot to fix it. It came back on quickly.

It ran through fifty steps, which took about thirty minutes.

Then it said it was deleting some files and about five folders, but it just sat there with no change on the screen after another thirty minutes, over one hour in time altogether.

I still don't see any log file for ComboFix. Unless you can tell me where to look, I think I won't ever discover it on my own or using the search feature on my PC.


Here is the DDS file and zipped attachment.

svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Me.TIM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:egyptainhollandiatissueculture@msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows2\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\me.tim\applic~1\mozilla\firefox\profiles\6tv5e5pb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [2011-5-2 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [2011-5-2 29400]
R3 abp470n5;abp470n5;\??\c:\windows2\system32\drivers\gelnlo.sys --> c:\windows2\system32\drivers\gelnlo.sys [?]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows2\system32\drivers\bcm42xx5.sys [2011-5-10 54271]
S4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1779792]
.
=============== Created Last 30 ================
.
2011-05-19 19:47:21 -------- d-s---w- C:\ComboFix
2011-05-19 15:19:54 -------- d-sha-r- C:\cmdcons
2011-05-19 15:13:38 98816 ----a-w- c:\windows2\sed.exe
2011-05-19 15:13:38 89088 ----a-w- c:\windows2\MBR.exe
2011-05-19 15:13:38 256512 ----a-w- c:\windows2\PEV.exe
2011-05-19 15:13:38 161792 ----a-w- c:\windows2\SWREG.exe
2011-05-19 02:21:08 274288 ----a-w- c:\windows2\system32\mucltui.dll
2011-05-19 02:21:08 215920 ----a-w- c:\windows2\system32\muweb.dll
2011-05-19 02:21:08 16736 ----a-w- c:\windows2\system32\mucltui.dll.mui
2011-05-18 19:59:52 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\AskToolbar
2011-05-18 14:59:18 -------- d-----w- c:\windows2\system32\LogFiles
2011-05-16 18:13:24 -------- d-----w- c:\docume~1\me.tim\applic~1\Foxit Software
2011-05-16 18:12:47 -------- d-----w- c:\program files\Ask.com
2011-05-16 18:12:10 -------- d-----w- c:\program files\Foxit Software
2011-05-14 22:00:50 -------- d--h--w- C:\VritualRoot
2011-05-14 19:49:10 -------- d-----w- c:\docume~1\me.tim\applic~1\WinPatrol
2011-05-13 22:10:51 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Identities
2011-05-13 10:39:56 -------- d-----w- c:\windows2\system32\CatRoot_bak
2011-05-13 00:03:00 -------- d-----w- c:\windows2\system32\KB905474
2011-05-11 20:20:34 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Google
2011-05-11 11:44:17 -------- d-----r- C:\MS Office 2007 ENG
2011-05-11 09:43:49 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2011-05-11 09:42:28 153088 -c----w- c:\windows2\system32\dllcache\triedit.dll
2011-05-11 09:40:55 743936 -c----w- c:\windows2\system32\dllcache\helpsvc.exe
2011-05-11 09:33:16 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2011-05-11 09:32:40 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2011-05-11 09:29:25 352640 -c----w- c:\windows2\system32\dllcache\srv.sys
2011-05-11 09:28:32 90112 ----a-w- c:\windows2\unvise32.exe
2011-05-11 09:26:57 454016 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2011-05-11 09:26:38 470528 -c----w- c:\windows2\system32\dllcache\aclayers.dll
2011-05-11 09:09:11 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2011-05-11 09:00:31 332800 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2011-05-11 09:00:01 -------- d-----w- c:\windows2\system32\PreInstall
2011-05-11 08:59:40 -------- d--h--w- c:\windows2\$hf_mig$
2011-05-11 08:56:11 85504 -c----w- c:\windows2\system32\dllcache\cabview.dll
2011-05-11 08:56:04 177664 -c----w- c:\windows2\system32\dllcache\wintrust.dll
2011-05-11 06:58:04 -------- d-----w- c:\windows2\system32\SoftwareDistribution
2011-05-11 06:53:27 -------- d-----w- c:\windows2\pss
2011-05-11 06:49:43 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2011-05-11 06:49:40 -------- d-----w- c:\program files\Security Task Manager
2011-05-10 20:07:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-05-10 18:59:19 -------- d-----w- c:\windows2\system32\wbem\AutoRecover
2011-05-10 18:45:59 95424 ------w- c:\windows2\system32\drivers\slnthal.sys
2011-05-10 18:39:43 -------- d-----w- c:\windows2\ServicePackFiles
2011-05-10 18:32:47 19528 ----a-w- c:\windows2\002233_.tmp
2011-05-10 18:32:44 -------- d-----w- c:\windows2\system32\ReinstallBackups
2011-05-10 18:32:24 26488 ----a-w- c:\windows2\system32\spupdsvc.exe
2011-05-10 18:28:44 -------- d-----w- c:\windows2\EHome
2011-05-10 18:22:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Comodo
2011-05-10 18:13:27 -------- d-----w- c:\docume~1\me.tim\applic~1\Malwarebytes
2011-05-10 18:13:21 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2011-05-10 18:13:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-05-10 18:13:14 19288 ----a-w- c:\windows2\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-05-02 17:36:04 284744 ----a-w- c:\windows2\system32\guard32.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows2\system32\GPhotos.scr
2011-04-05 05:07:12 3539857 ----a-w- C:\pci_filerecovery.exe
2011-04-05 04:58:17 39950910 ----a-w- C:\C__Users_Administrator_Desktop_PWOSetup173.exe
.
============= FINISH: 0:19:20.48 ===============
 
Hi,

Please look in the c:\combofix or c:\qoobox folder for ComboFix.txt files.
 
Hi,

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.
 
Internet Explorer won't open, and it indicates I need to install Service Pack 3 for XP prior to downloading a new version of IE. I have it downloading the service pack now, but it will take an hour.

Yesterday IE tried to install itself on my desktop. It opened, then tried to redirect me to Ask.com for something. This took place during one of the periods when ComboFix asked to be rebooted.
 
Hi,

It's better to postpone the SP3 install until a later moment.


Download GMER here by clicking the "download exe" button and then saving it to your desktop:
  • Double-click the .exe that you downloaded
  • Click the Rootkit tab, uncheck the Files option and then click Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is finished, click Copy.
  • This copies the log to the clipboard
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
 
The bad news: I have it almost installed already, and it's cleaning up my files. If you're still around and want, I can try to cancel it, then follow your last instruction.
 
Hi Blade,

OK, I could not stop the service pack three download; it asked to reboot.
(I did nothing.) The only option it gives me on the installation wizard is to restart now or later.

I followed your other instruction and downloaded GMER. It saved as a file in a folder, which I sent to my desktop. When I double-click it, it only gives me the option to run or cancel.

Should I click run, then select the other options you mention for some settings?

I will take no action until you reply.
 
I clicked the program and it launched. A window opened for a couple of seconds, long enough for me to see it had options I could select, then the computer crashed.

It went to a blue screen error message which read (page_fault_in_nonpage_area). The computer did a physical memory dump.

I had to do a hard shutdown to get out of this screen. It restarted, and then a system message in a little black window popped up for only a few seconds and listed some system errors, then disappeared from the screen.

Another window also opened which said that Internet Explorer six was being set up; it had no options available.

Also, all of my security programs reactivated.

What action would you like me to take now?

thanks

Tim from Egypt



Click run there.
 
Download aswMBR to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
 