xp antivirus 2012 virus


teacherspetz

Thread Starter
Joined
Dec 11, 2011
Messages
12
I contracted this virus yesterday. I scanned my computer with Malwarebytes and got it to clean off some of the stuff, but I am still being redirected when using a search engine. I scanned the computer with HijackThis v2.0.4 and this is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:49:30 PM, on 12/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\Don\My Documents\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\ping.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1305471771359
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7636 bytes

I also did the TSG SysInfo and here it is:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.86GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 1023 Mb
Graphics Card: ATI MOBILITY RADEON X600, 128 Mb
Hard Drives: C: Total - 57224 MB, Free - 42921 MB;
Motherboard: Hewlett-Packard, 0934
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

If there is anything else you need, let me know. Thanks for the help!
 
Joined
Aug 9, 2007
Messages
686
Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step #1: Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step #2: Download and run GMER

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
 

teacherspetz

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/29/2008 10:49:05 AM
System Uptime: 12/19/2011 8:26:17 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 0934
Processor: Intel(R) Pentium(R) M processor 1.86GHz | U10 | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 42.349 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ-832S________________1.02____\5&7639BD6&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: MATSHITA DVD-RAM UJ-832S
PNP Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ-832S________________1.02____\5&7639BD6&0&0.1.0
Service: cdrom
.
==== System Restore Points ===================
.
RP408: 9/24/2011 3:22:00 PM - Removed Google Toolbar for Internet Explorer
RP409: 10/6/2011 1:06:34 PM - Removed AVG 2011
RP410: 10/6/2011 1:09:21 PM - Removed AVG 2011
RP411: 10/6/2011 1:45:58 PM - Software Distribution Service 3.0
RP412: 10/7/2011 7:06:56 PM - System Checkpoint
RP413: 10/8/2011 10:48:04 AM - Software Distribution Service 3.0
RP414: 10/8/2011 10:57:09 AM - Software Distribution Service 3.0
RP415: 10/9/2011 12:00:35 PM - Software Distribution Service 3.0
RP416: 10/10/2011 5:40:08 PM - Software Distribution Service 3.0
RP417: 10/12/2011 7:08:14 PM - Software Distribution Service 3.0
RP418: 10/14/2011 4:55:45 PM - Software Distribution Service 3.0
RP419: 10/14/2011 5:08:25 PM - Software Distribution Service 3.0
RP420: 10/15/2011 8:27:51 PM - Software Distribution Service 3.0
RP421: 10/16/2011 10:35:10 PM - Software Distribution Service 3.0
RP422: 10/19/2011 5:01:07 PM - Software Distribution Service 3.0
RP423: 10/20/2011 5:02:48 PM - System Checkpoint
RP424: 10/20/2011 5:51:04 PM - Software Distribution Service 3.0
RP425: 10/21/2011 8:35:27 PM - Software Distribution Service 3.0
RP426: 10/24/2011 8:05:29 PM - Software Distribution Service 3.0
RP427: 10/26/2011 2:54:31 PM - Software Distribution Service 3.0
RP428: 10/27/2011 7:02:37 PM - Software Distribution Service 3.0
RP429: 10/28/2011 8:08:36 PM - Software Distribution Service 3.0
RP430: 10/29/2011 9:40:00 PM - Software Distribution Service 3.0
RP431: 10/31/2011 1:51:43 PM - Software Distribution Service 3.0
RP432: 10/31/2011 6:44:18 PM - Installed Brother MFL-Pro Suite
RP433: 10/31/2011 6:45:32 PM - Unsigned printer driver Brother PC-FAX v.2 installed.
RP434: 11/2/2011 2:23:31 PM - Software Distribution Service 3.0
RP435: 11/3/2011 6:42:26 PM - Software Distribution Service 3.0
RP436: 11/4/2011 7:35:29 PM - Software Distribution Service 3.0
RP437: 11/6/2011 5:55:14 PM - Software Distribution Service 3.0
RP438: 11/7/2011 6:52:28 PM - Software Distribution Service 3.0
RP439: 11/9/2011 1:36:00 PM - Software Distribution Service 3.0
RP440: 11/10/2011 5:19:20 PM - Software Distribution Service 3.0
RP441: 11/10/2011 5:29:40 PM - Software Distribution Service 3.0
RP442: 11/10/2011 8:35:06 PM - Software Distribution Service 3.0
RP443: 11/12/2011 9:38:24 PM - Software Distribution Service 3.0
RP444: 11/14/2011 6:58:45 PM - Software Distribution Service 3.0
RP445: 11/16/2011 6:30:09 PM - Software Distribution Service 3.0
RP446: 11/17/2011 6:52:57 PM - Software Distribution Service 3.0
RP447: 11/19/2011 11:26:04 AM - Software Distribution Service 3.0
RP448: 11/20/2011 11:54:21 AM - Software Distribution Service 3.0
RP449: 11/23/2011 6:23:55 PM - Software Distribution Service 3.0
RP450: 11/24/2011 6:48:13 PM - Software Distribution Service 3.0
RP451: 11/26/2011 8:37:05 AM - Software Distribution Service 3.0
RP452: 11/30/2011 7:35:57 PM - Software Distribution Service 3.0
RP453: 12/2/2011 4:54:35 AM - Software Distribution Service 3.0
RP454: 12/3/2011 5:53:00 AM - System Checkpoint
RP455: 12/3/2011 8:45:11 AM - Software Distribution Service 3.0
RP456: 12/6/2011 5:59:47 PM - Software Distribution Service 3.0
RP457: 12/8/2011 8:03:58 PM - Software Distribution Service 3.0
RP458: 12/9/2011 9:58:39 PM - Software Distribution Service 3.0
RP459: 12/10/2011 12:05:11 AM - Software Distribution Service 3.0
RP460: 12/11/2011 1:01:32 PM - Installed HiJackThis
RP461: 12/15/2011 4:35:33 PM - System Checkpoint
RP462: 12/18/2011 10:59:58 AM - System Checkpoint
RP463: 12/19/2011 8:43:42 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
Agere Systems AC'97 Modem
ATI - Software Uninstall Utility
Broadcom 802.11 Control Panel
Broadcom 802.11 Driver
Broadcom NetXtreme Ethernet Controller
Brother MFL-Pro Suite
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows XP (KB2570791)
HP Accessories Product Tour
HP BIOS Configuration for ProtectTools 1.00 C1
HP Help and Support
HP ProtectTools Security Manager 1.00 C3
HP Wireless Assistant
Inbox Toolbar
InterActual Player
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
OpenOffice.org 3.1
PANTECH PC USB Modem Software
PowerArchiver
Quick Launch Buttons 5.10 A1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
WebFldrs XP
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
12/19/2011 8:37:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1282.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/18/2011 10:34:46 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0014A51AF6B7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/17/2011 5:47:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/15/2011 4:22:14 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/15/2011 4:22:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/15/2011 4:12:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
.
==== End Of File ===========================
 

teacherspetz

For some reason I can't get it to let me post the DDS report. I am breaking it up below into sections and it is letting me do it.
 

teacherspetz

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Don at 21:12:31 on 2011-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.181 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 

teacherspetz

============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
 

teacherspetz

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
 

teacherspetz

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
 

teacherspetz

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
(There is a line here that I am trying to post, but it won't let me do it all together. After the green and before the v6 is microsoftupdate/ For some reason it won't let me post that.)
hxxp://update.microsoft.com/ v6/V5Controls/en/x86/client/wuweb_site.cab?1305471771359
 

teacherspetz

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{96C77921-F421-4C0B-B519-A0D1805D74FF} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
 

teacherspetz

================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\ku6zzizm.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl570d97c3;MpKsl570d97c3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9cca9e6f-4510-49c3-aad5-34e726c725f5}\MpKsl570d97c3.sys [2011-12-19 29904]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
S1 MpKslaffd34a2;MpKslaffd34a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7fcd489-7040-45b1-a933-1ca83a3c4955}\mpkslaffd34a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7fcd489-7040-45b1-a933-1ca83a3c4955}\MpKslaffd34a2.sys [?]
 

teacherspetz

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-19 23:32:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600UE-22KVT0 rev.01.03K01
Running: gmer.exe; Driver: C:\DOCUME~1\Don\LOCALS~1\Temp\pwdorkow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6FC6ABF]
init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6F8BA80]
init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF77E8192]
.text afd.sys EE96A000 83 Bytes [96, EE, 6A, 00, FF, 73, 0C, ...]
.text afd.sys EE96A054 47 Bytes [00, C0, EB, 3D, 8B, 45, DC, ...]
.text afd.sys EE96A085 25 Bytes [C3, 90, 90, 90, 90, 90, 8B, ...]
.text afd.sys EE96A09F 77 Bytes [8A, 15, 11, B0, 96, EE, 8B, ...]
.text afd.sys EE96A0ED 116 Bytes [43, 18, 8B, 78, 0C, 66, 81, ...]
.text ...
? C:\WINDOWS\System32\drivers\afd.sys suspicious PE modification
? C:\DOCUME~1\Don\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0180000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 018A000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 017F000C
.text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B6000A
.text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1000A
.text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\ping.exe[3796] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B9000A
.text C:\WINDOWS\System32\ping.exe[3796] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\ping.exe[3796] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\ping.exe[3796] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B8000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) EE9D9000-EE9F0000 (94208 bytes)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\UVO4FAG9.txt 154 bytes
File C:\Documents and Settings\NetworkService\Cookies\OT2UH202.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\IVJVPK8N.txt 7581 bytes
File C:\Documents and Settings\NetworkService\Cookies\KIM83NSE.txt 11766 bytes
File C:\Documents and Settings\NetworkService\Cookies\9HKMGGKO.txt 820 bytes
File C:\Documents and Settings\NetworkService\Cookies\IHR9WDYY.txt 70 bytes
File C:\Documents and Settings\NetworkService\Cookies\OGMJ0VXT.txt 543 bytes
File C:\Documents and Settings\NetworkService\Cookies\RCT02D1O.txt 484 bytes
File C:\Documents and Settings\NetworkService\Cookies\RI6UUQIH.txt 76 bytes
File C:\Documents and Settings\NetworkService\Cookies\2TLJ8FT1.txt 7766 bytes
File C:\Documents and Settings\NetworkService\Cookies\GQKAU1BS.txt 1470 bytes
File C:\Documents and Settings\NetworkService\Cookies\M8TAPJS8.txt 324 bytes
File C:\Documents and Settings\NetworkService\Cookies\FJQUHVCB.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\FU6M7YMW.txt 230 bytes
File C:\Documents and Settings\NetworkService\Cookies\NXNCLJDC.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\6TR49P0U.txt 550 bytes
File C:\Documents and Settings\NetworkService\Cookies\2BDZ3PN4.txt 2540 bytes
File C:\Documents and Settings\NetworkService\Cookies\VM8QPC1K.txt 599 bytes
File C:\Documents and Settings\NetworkService\Cookies\VNLE0AP7.txt 1346 bytes
File C:\Documents and Settings\NetworkService\Cookies\TL2DWAWC.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\TTYJJ55M.txt 611 bytes
File C:\Documents and Settings\NetworkService\Cookies\HND0562V.txt 538 bytes
File C:\Documents and Settings\NetworkService\Cookies\J7M6KI9J.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\WJ0WB3NQ.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\UZQ8UO2L.txt 70 bytes
File C:\Documents and Settings\NetworkService\Cookies\V78UW55Q.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\S2BNSK73.txt 7644 bytes
File C:\Documents and Settings\NetworkService\Cookies\CIQODOR4.txt 494 bytes
File C:\Documents and Settings\NetworkService\Cookies\CO37QMUN.txt 314 bytes
File C:\Documents and Settings\NetworkService\Cookies\YJ9CFPT8.txt 134 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\minimall[2] 26007 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\nextButton[1].png 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\trailersandvideos_com[1].htm 27868 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\8126_Holiday_Banners_Gift_Card_300x250_clickTag[1].swf 40428 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\v=5%3Bm=3%3Bl=31091%3Bc=200342%3Bb=1194788%3Bts=20111220002945%3Bdct=;ord=1324358985[1].htm 5873 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\share-arrow-close[1].gif 107 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\click[3].txt 9236 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\style[1].css 11629 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\successserch_com[2].txt 2353 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\s[2].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\beacon.js[4].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\lb_sv_time_out[1].gif 13376 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\featured[1].aspx 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\categories[1].png 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\iframe[4] 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\iframe[4].txt 74 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\button-search-in-channel[1].gif 680 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\avenir_85[1].eot 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\background_gradient[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\info_48[2] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\but_search_left[1].gif 617 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\vj[1] 5244 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\interstitial[1].htm 4073 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\ad4_liverail_com[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\uF-zjf2ABTQ[1].jpg 4593 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\2Yu_25g6mnQ[1].jpg 3334 bytes
File C:\WINDOWS\$NtUninstallKB42994$\1709261103 0 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488 0 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\bckfg.tmp 849 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\cfg.ini 197 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\keywords 161 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\L 0 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\L\iwcflxff 138496 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U 0 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 2048 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 224768 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 12800 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 98304 bytes

---- EOF - GMER 1.0.15 ----
 
Joined
Aug 9, 2007
Messages
686
Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
 

teacherspetz

Thread Starter
Joined
Dec 11, 2011
Messages
12
I ran ComboFix and now I can't get onto the internet with that computer. It says the network is not assigning a network address to the computer.

Would I be better off just wiping the hard drive and reloading everything? I don't really have that much on there. It's just the computer that my husband uses to surf the web. I can get the log by doing it with a removable drive, but I'm nervous that the virus will transfer to another computer.
 
Joined
Aug 9, 2007
Messages
686
The infection you have is the ZeroAccess rootkit. It is a very nasty infection, and one thing it does is that when trying to fix/remove it, it can often disable the user's Internet access. :(

If you're willing to do so, the best/quickest option would indeed be to reformat the Hard Drive and start fresh on the computer. Once you do the reformat and reinstall on the computer, be sure to go to Windows Update first thing and download/install updates till the computer is up to date.