
xp antivirus 2012 virus

Discussion in 'Virus & Other Malware Removal' started by teacherspetz, Dec 11, 2011.

  1. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    I contracted this virus yesterday. I scanned my computer with Malwarebytes and got it to clean off some of the stuff, but I am still being redirected when using a search engine. I scanned the computer with HijackThis v2.0.4 and this is the log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:49:30 PM, on 12/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Documents and Settings\Don\My Documents\Downloads\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\System32\ping.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1305471771359
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7636 bytes

    I also did the TSG sys inf and here it is:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) M processor 1.86GHz, x86 Family 6 Model 13 Stepping 8
    Processor Count: 1
    RAM: 1023 Mb
    Graphics Card: ATI MOBILITY RADEON X600, 128 Mb
    Hard Drives: C: Total - 57224 MB, Free - 42921 MB;
    Motherboard: Hewlett-Packard, 0934
    Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

    If there is anything else you need, let me know. Thanks for the help!
     
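The HijackThis log above is the only evidence a helper has to work from at this point, and the first pass over such a log is mechanical: pull each R/O line apart, list what is registered in the browser and in the Run keys, and separate the entries that reference a file from the ones that reference nothing. The following Python script is an added example, not part of this thread and not a HijackThis component; it parses a handful of lines constructed in the same shape as the log posted here (the CLSIDs and paths are copied from that log) and reports the two things a helper checks first: COM registrations whose DLL is gone ("(no file)" on the R3/O2/O3 lines) and O4 autorun entries that name a program without a directory.

```python
import re
from collections import Counter

# Constructed sample in the shape of the HijackThis v2.0.4 log posted in this
# thread (CLSIDs and paths as they appear there); not a complete log.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# R0/R1: browser start page / search page registry values.
URL_RE = re.compile(r"^(?P<section>R[01]) - (?P<key>.+?) = (?P<value>.*)$")
# R3/O2/O3: COM objects (URL search hooks, BHOs, toolbars) identified by CLSID.
COM_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)
# O4: autorun entries under the Run keys of the named hive.
RUN_RE = re.compile(r"^(?P<section>O4) - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Turn HijackThis lines into dicts; lines of sections not handled here are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for rx in (URL_RE, COM_RE, RUN_RE):
            m = rx.match(line)
            if m:
                entries.append(m.groupdict())
                break
    return entries


def executable_of(cmd):
    """Extract the program from an O4 command line: the quoted path, or the first token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def orphan_entries(entries):
    """COM entries still registered in the browser although their DLL is gone.
    Leftover CLSIDs after an incomplete uninstall or clean-up do nothing by
    themselves, but each is a registration a helper should confirm and remove."""
    return [e for e in entries if e.get("path") == "(no file)"]


def bare_autoruns(entries):
    """O4 entries that name a program without a directory. Windows resolves such
    a name through the PATH search, so the file that actually runs has to be
    located rather than assumed to be the vendor's copy."""
    return [e for e in entries
            if e["section"] == "O4" and "\\" not in executable_of(e["cmd"])]


def summarize(text):
    """Per-section counts plus the two triage lists a helper looks at first."""
    entries = parse_hjt(text)
    return {
        "by_section": dict(Counter(e["section"] for e in entries)),
        "orphans": [(e["section"], e["clsid"]) for e in orphan_entries(entries)],
        "bare_autoruns": [e["name"] for e in bare_autoruns(entries)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_HJT).items():
        print(key, value)
```

Run against the sample, the script lists the three "(no file)" registrations (the R3 search hook, one O2 BHO and one O3 toolbar) and flags the AGRSMMSG autorun as the one entry whose program is found by PATH search rather than by an explicit path. Everything else in the sample resolves to a file under Program Files or the Windows directory.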
  2. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Hello and welcome to Tech Support Guy.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

    Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


    Step #1: Download and run DDS

    Download DDS and save it to your desktop from here or here or here
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Step #2: Download and run GMER

    Please download gmer.zip from Gmer and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc.!

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The two DDS Logs (DDS and Attach.txt)
    2. The GMER Log

    Use multiple posts if you can't fit everything into one post.
     
  3. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/29/2008 10:49:05 AM
    System Uptime: 12/19/2011 8:26:17 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0934
    Processor: Intel(R) Pentium(R) M processor 1.86GHz | U10 | 1862/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 42.349 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ-832S________________1.02____\5&7639BD6&0&0.1.0
    Manufacturer: (Standard CD-ROM drives)
    Name: MATSHITA DVD-RAM UJ-832S
    PNP Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ-832S________________1.02____\5&7639BD6&0&0.1.0
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    RP408: 9/24/2011 3:22:00 PM - Removed Google Toolbar for Internet Explorer
    RP409: 10/6/2011 1:06:34 PM - Removed AVG 2011
    RP410: 10/6/2011 1:09:21 PM - Removed AVG 2011
    RP411: 10/6/2011 1:45:58 PM - Software Distribution Service 3.0
    RP412: 10/7/2011 7:06:56 PM - System Checkpoint
    RP413: 10/8/2011 10:48:04 AM - Software Distribution Service 3.0
    RP414: 10/8/2011 10:57:09 AM - Software Distribution Service 3.0
    RP415: 10/9/2011 12:00:35 PM - Software Distribution Service 3.0
    RP416: 10/10/2011 5:40:08 PM - Software Distribution Service 3.0
    RP417: 10/12/2011 7:08:14 PM - Software Distribution Service 3.0
    RP418: 10/14/2011 4:55:45 PM - Software Distribution Service 3.0
    RP419: 10/14/2011 5:08:25 PM - Software Distribution Service 3.0
    RP420: 10/15/2011 8:27:51 PM - Software Distribution Service 3.0
    RP421: 10/16/2011 10:35:10 PM - Software Distribution Service 3.0
    RP422: 10/19/2011 5:01:07 PM - Software Distribution Service 3.0
    RP423: 10/20/2011 5:02:48 PM - System Checkpoint
    RP424: 10/20/2011 5:51:04 PM - Software Distribution Service 3.0
    RP425: 10/21/2011 8:35:27 PM - Software Distribution Service 3.0
    RP426: 10/24/2011 8:05:29 PM - Software Distribution Service 3.0
    RP427: 10/26/2011 2:54:31 PM - Software Distribution Service 3.0
    RP428: 10/27/2011 7:02:37 PM - Software Distribution Service 3.0
    RP429: 10/28/2011 8:08:36 PM - Software Distribution Service 3.0
    RP430: 10/29/2011 9:40:00 PM - Software Distribution Service 3.0
    RP431: 10/31/2011 1:51:43 PM - Software Distribution Service 3.0
    RP432: 10/31/2011 6:44:18 PM - Installed Brother MFL-Pro Suite
    RP433: 10/31/2011 6:45:32 PM - Unsigned printer driver Brother PC-FAX v.2 installed.
    RP434: 11/2/2011 2:23:31 PM - Software Distribution Service 3.0
    RP435: 11/3/2011 6:42:26 PM - Software Distribution Service 3.0
    RP436: 11/4/2011 7:35:29 PM - Software Distribution Service 3.0
    RP437: 11/6/2011 5:55:14 PM - Software Distribution Service 3.0
    RP438: 11/7/2011 6:52:28 PM - Software Distribution Service 3.0
    RP439: 11/9/2011 1:36:00 PM - Software Distribution Service 3.0
    RP440: 11/10/2011 5:19:20 PM - Software Distribution Service 3.0
    RP441: 11/10/2011 5:29:40 PM - Software Distribution Service 3.0
    RP442: 11/10/2011 8:35:06 PM - Software Distribution Service 3.0
    RP443: 11/12/2011 9:38:24 PM - Software Distribution Service 3.0
    RP444: 11/14/2011 6:58:45 PM - Software Distribution Service 3.0
    RP445: 11/16/2011 6:30:09 PM - Software Distribution Service 3.0
    RP446: 11/17/2011 6:52:57 PM - Software Distribution Service 3.0
    RP447: 11/19/2011 11:26:04 AM - Software Distribution Service 3.0
    RP448: 11/20/2011 11:54:21 AM - Software Distribution Service 3.0
    RP449: 11/23/2011 6:23:55 PM - Software Distribution Service 3.0
    RP450: 11/24/2011 6:48:13 PM - Software Distribution Service 3.0
    RP451: 11/26/2011 8:37:05 AM - Software Distribution Service 3.0
    RP452: 11/30/2011 7:35:57 PM - Software Distribution Service 3.0
    RP453: 12/2/2011 4:54:35 AM - Software Distribution Service 3.0
    RP454: 12/3/2011 5:53:00 AM - System Checkpoint
    RP455: 12/3/2011 8:45:11 AM - Software Distribution Service 3.0
    RP456: 12/6/2011 5:59:47 PM - Software Distribution Service 3.0
    RP457: 12/8/2011 8:03:58 PM - Software Distribution Service 3.0
    RP458: 12/9/2011 9:58:39 PM - Software Distribution Service 3.0
    RP459: 12/10/2011 12:05:11 AM - Software Distribution Service 3.0
    RP460: 12/11/2011 1:01:32 PM - Installed HiJackThis
    RP461: 12/15/2011 4:35:33 PM - System Checkpoint
    RP462: 12/18/2011 10:59:58 AM - System Checkpoint
    RP463: 12/19/2011 8:43:42 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Adobe Shockwave Player 11.5
    Agere Systems AC'97 Modem
    ATI - Software Uninstall Utility
    Broadcom 802.11 Control Panel
    Broadcom 802.11 Driver
    Broadcom NetXtreme Ethernet Controller
    Brother MFL-Pro Suite
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for MSXML 2 (KB887606)
    Hotfix for Windows XP (KB2570791)
    HP Accessories Product Tour
    HP BIOS Configuration for ProtectTools 1.00 C1
    HP Help and Support
    HP ProtectTools Security Manager 1.00 C3
    HP Wireless Assistant
    Inbox Toolbar
    InterActual Player
    InterVideo DVD Check
    InterVideo WinDVD
    J2SE Runtime Environment 5.0
    Java Auto Updater
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    OpenOffice.org 3.1
    PANTECH PC USB Modem Software
    PowerArchiver
    Quick Launch Buttons 5.10 A1
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    WebFldrs XP
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2011 8:37:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1282.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/18/2011 10:34:46 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0014A51AF6B7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/17/2011 5:47:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/15/2011 4:22:14 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/15/2011 4:22:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/15/2011 4:12:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
    .
    ==== End Of File ===========================
     
  4. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    For some reason I can't get it to let me post the DDS report. I am breaking it up below into sections and it is letting me do it.
     
  5. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Don at 21:12:31 on 2011-12-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.181 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     
  6. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\System32\ping.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
     
  7. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page =
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    uSearchAssistant =
    mSearchAssistant =
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
     
  8. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
     
  9. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    LSP: mswsock.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
    (There is a line here that I am trying to post, but it won't let me do it all together. After the green and before the v6 is microsoftupdate/ For some reason it won't let me post that.)
    hxxp://update.microsoft.com/ v6/V5Controls/en/x86/client/wuweb_site.cab?1305471771359



     
  10. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{96C77921-F421-4C0B-B519-A0D1805D74FF} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
     
  11. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\ku6zzizm.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl570d97c3;MpKsl570d97c3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9cca9e6f-4510-49c3-aad5-34e726c725f5}\MpKsl570d97c3.sys [2011-12-19 29904]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-9-2 32640]
    S1 MpKslaffd34a2;MpKslaffd34a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7fcd489-7040-45b1-a933-1ca83a3c4955}\mpkslaffd34a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7fcd489-7040-45b1-a933-1ca83a3c4955}\MpKslaffd34a2.sys [?]
     
  12. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-19 23:32:08
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600UE-22KVT0 rev.01.03K01
    Running: gmer.exe; Driver: C:\DOCUME~1\Don\LOCALS~1\Temp\pwdorkow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6FC6ABF]
    init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6F8BA80]
    init C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS entry point in "init" section [0xF77E8192]
    .text afd.sys EE96A000 83 Bytes [96, EE, 6A, 00, FF, 73, 0C, ...]
    .text afd.sys EE96A054 47 Bytes [00, C0, EB, 3D, 8B, 45, DC, ...]
    .text afd.sys EE96A085 25 Bytes [C3, 90, 90, 90, 90, 90, 8B, ...]
    .text afd.sys EE96A09F 77 Bytes [8A, 15, 11, B0, 96, EE, 8B, ...]
    .text afd.sys EE96A0ED 116 Bytes [43, 18, 8B, 78, 0C, 66, 81, ...]
    .text ...
    ? C:\WINDOWS\System32\drivers\afd.sys suspicious PE modification
    ? C:\DOCUME~1\Don\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0180000A
    .text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 018A000A
    .text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 017F000C
    .text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B5000A
    .text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
    .text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A1000A
    .text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
    .text C:\WINDOWS\System32\ping.exe[3796] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B9000A
    .text C:\WINDOWS\System32\ping.exe[3796] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BA000A
    .text C:\WINDOWS\System32\ping.exe[3796] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00BB000A
    .text C:\WINDOWS\System32\ping.exe[3796] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B8000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) EE9D9000-EE9F0000 (94208 bytes)

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\UVO4FAG9.txt 154 bytes
    File C:\Documents and Settings\NetworkService\Cookies\OT2UH202.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\IVJVPK8N.txt 7581 bytes
    File C:\Documents and Settings\NetworkService\Cookies\KIM83NSE.txt 11766 bytes
    File C:\Documents and Settings\NetworkService\Cookies\9HKMGGKO.txt 820 bytes
    File C:\Documents and Settings\NetworkService\Cookies\IHR9WDYY.txt 70 bytes
    File C:\Documents and Settings\NetworkService\Cookies\OGMJ0VXT.txt 543 bytes
    File C:\Documents and Settings\NetworkService\Cookies\RCT02D1O.txt 484 bytes
    File C:\Documents and Settings\NetworkService\Cookies\RI6UUQIH.txt 76 bytes
    File C:\Documents and Settings\NetworkService\Cookies\2TLJ8FT1.txt 7766 bytes
    File C:\Documents and Settings\NetworkService\Cookies\GQKAU1BS.txt 1470 bytes
    File C:\Documents and Settings\NetworkService\Cookies\M8TAPJS8.txt 324 bytes
    File C:\Documents and Settings\NetworkService\Cookies\FJQUHVCB.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\FU6M7YMW.txt 230 bytes
    File C:\Documents and Settings\NetworkService\Cookies\NXNCLJDC.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\6TR49P0U.txt 550 bytes
    File C:\Documents and Settings\NetworkService\Cookies\2BDZ3PN4.txt 2540 bytes
    File C:\Documents and Settings\NetworkService\Cookies\VM8QPC1K.txt 599 bytes
    File C:\Documents and Settings\NetworkService\Cookies\VNLE0AP7.txt 1346 bytes
    File C:\Documents and Settings\NetworkService\Cookies\TL2DWAWC.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\TTYJJ55M.txt 611 bytes
    File C:\Documents and Settings\NetworkService\Cookies\HND0562V.txt 538 bytes
    File C:\Documents and Settings\NetworkService\Cookies\J7M6KI9J.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\WJ0WB3NQ.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\UZQ8UO2L.txt 70 bytes
    File C:\Documents and Settings\NetworkService\Cookies\V78UW55Q.txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\S2BNSK73.txt 7644 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CIQODOR4.txt 494 bytes
    File C:\Documents and Settings\NetworkService\Cookies\CO37QMUN.txt 314 bytes
    File C:\Documents and Settings\NetworkService\Cookies\YJ9CFPT8.txt 134 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\minimall[2] 26007 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\nextButton[1].png 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\trailersandvideos_com[1].htm 27868 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\8126_Holiday_Banners_Gift_Card_300x250_clickTag[1].swf 40428 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\v=5%3Bm=3%3Bl=31091%3Bc=200342%3Bb=1194788%3Bts=20111220002945%3Bdct=;ord=1324358985[1].htm 5873 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\share-arrow-close[1].gif 107 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\click[3].txt 9236 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\style[1].css 11629 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\successserch_com[2].txt 2353 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\s[2].htm 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\beacon.js[4].htm 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\lb_sv_time_out[1].gif 13376 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\featured[1].aspx 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\categories[1].png 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\iframe[4] 43 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\iframe[4].txt 74 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HVKWCMQJ\button-search-in-channel[1].gif 680 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\avenir_85[1].eot 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\background_gradient[1] 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\info_48[2] 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JFIC5W8Q\but_search_left[1].gif 617 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\vj[1] 5244 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\interstitial[1].htm 4073 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\ad4_liverail_com[1].txt 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\uF-zjf2ABTQ[1].jpg 4593 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NRJ4QVPG\2Yu_25g6mnQ[1].jpg 3334 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\1709261103 0 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488 0 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\bckfg.tmp 849 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\cfg.ini 197 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\keywords 161 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\L\iwcflxff 138496 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 2048 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 224768 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 12800 bytes
    File C:\WINDOWS\$NtUninstallKB42994$\408600488\U\[email protected] 98304 bytes

    ---- EOF - GMER 1.0.15 ----
     
  13. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    *Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
     
  14. teacherspetz

    teacherspetz Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    12
    I ran ComboFix and now I can't get onto the internet with that computer. Says the network is not assigning a network address to the computer.

    Would I be better off just wiping the hard drive and reloading everything? I don't really have that much on there. It's just the computer that my husband uses to surf the web. I can get the log by doing it with a removable drive, but nervous that the virus will transfer to another computer.
     
  15. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    The infection you have is the ZeroAccess rootkit. It is a very nasty infection, and one of the things it does when you try to fix/remove it is disable the user's Internet access. :(

    If you're willing to do so, the best/quickest option would indeed be to reformat the hard drive and start fresh on the computer. Once you do the reformat and reinstall on the computer, be sure to go to Windows Update first thing and download/install updates until the computer is up to date.
     
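The GMER log in post 12 and the diagnosis in post 15 line up on four indicator classes: 5-byte JMP hooks on ntdll/USER32/ole32 exports inside svchost.exe and ping.exe, afd.sys flagged with a "suspicious PE modification", a hidden kernel module, and a payload tree under a $NtUninstallKB…$ folder that holds "@", "cfg.ini" and L/U subfolders instead of the spuninst\ backups a real hotfix leaves behind. The script below is an added example for this thread, not code from the posters, from GMER or from any removal tool: it parses those line shapes and groups them into a short report. SAMPLE_LOG is constructed for the example and patterned on the posted log (the KB123456 entry is a made-up benign control); the payload-folder layout test and the "two indicator classes" verdict are the editor's assumptions, not GMER logic.

```python
"""Machine triage of a GMER rootkit-scan log for the indicator classes seen above.

Added example for this thread; it is not part of the original posts and not a
GMER or ZeroAccess tool. SAMPLE_LOG is constructed and patterned on the posted
log. The payload-folder layout test and the two-indicator-class verdict are the
editor's assumptions, not GMER logic.
"""
import re
from collections import defaultdict

# Constructed sample, patterned on the GMER 1.0.15 output posted above.
# The KB123456 entry is a made-up benign hotfix folder used as a control.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text afd.sys EE96A000 83 Bytes [96, EE, 6A, 00, FF, 73, 0C, ...]
? C:\WINDOWS\System32\drivers\afd.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0180000A
.text C:\WINDOWS\System32\ping.exe[3796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B5000A
.text C:\WINDOWS\System32\ping.exe[3796] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00B8000A
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) EE9D9000-EE9F0000 (94208 bytes)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB42994$\408600488\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\U 0 bytes
File C:\WINDOWS\$NtUninstallKB42994$\408600488\L\iwcflxff 138496 bytes
File C:\WINDOWS\$NtUninstallKB123456$\spuninst\spuninst.exe 16384 bytes
"""

# Inline 5-byte JMP hooks in user-mode processes, e.g.
# ".text C:\...\ping.exe[3796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B5000A"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>\S+)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<size>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)$"
)
# Driver whose in-memory image GMER could not reconcile with the file on disk.
PE_MOD_RE = re.compile(r"^\?\s+(?P<path>.+?)\s+suspicious PE modification$")
# Kernel module hidden from the loaded-module list.
HIDDEN_MOD_RE = re.compile(
    r"^Module\s+.*\(\*\*\* hidden \*\*\* ?\)\s+(?P<range>[0-9A-Fa-f]+-[0-9A-Fa-f]+)"
)
# Any file reported under a $NtUninstallKBnnnn$ folder.
UNINSTALL_RE = re.compile(
    r"^File\s+(?P<dir>.+?\\\$NtUninstallKB\d+\$)\\(?P<rest>.+?)\s+\d+ bytes$",
    re.IGNORECASE,
)


def looks_like_payload_folder(rest):
    """Assumption drawn from the posted log: the rootkit keeps a random all-digit
    folder holding '@', 'cfg.ini' and 'L'/'U' subfolders, whereas a genuine hotfix
    uninstall folder holds 'spuninst\\' and backed-up system files."""
    parts = rest.split("\\")
    return parts[0].isdigit() or any(p in ("@", "L", "U", "cfg.ini") for p in parts)


def triage(log_text):
    """Group the log's indicators by class; every value is sorted for stable output."""
    hooks = defaultdict(set)
    modified_drivers, hidden_modules, payload_dirs = [], [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            hooks[f"{m['image']}[{m['pid']}]"].add(f"{m['module']}!{m['func']}")
        elif m := PE_MOD_RE.match(line):
            modified_drivers.append(m["path"])
        elif m := HIDDEN_MOD_RE.match(line):
            hidden_modules.append(m["range"])
        elif (m := UNINSTALL_RE.match(line)) and looks_like_payload_folder(m["rest"]):
            payload_dirs.add(m["dir"])
    return {
        "hooked_processes": {k: sorted(v) for k, v in sorted(hooks.items())},
        "modified_drivers": modified_drivers,
        "hidden_modules": hidden_modules,
        "fake_uninstall_dirs": sorted(payload_dirs),
    }


def is_likely_rootkit(report):
    """Editor's rule of thumb: two or more independent indicator classes present.
    A single hooked process can be a legitimate product; hooks plus a patched
    network driver plus a hidden module is the pattern in the posted log."""
    return sum(1 for v in report.values() if v) >= 2


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("likely rootkit:", is_likely_rootkit(result))
```

To run it against a real log, pass the pasted text to triage() instead of SAMPLE_LOG (for example triage(open("gmer.log").read())). The script only recognises the JMP form of GMER's user-mode hook lines, so CALL hooks and raw byte patches are not counted; the report is a reading aid for a log you already have, not a cleaning tool, and does nothing to the infected machine.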
Short URL to this thread: https://techguy.org/1030790
