TechSpot

1st Post Problem 7 Step Info

By everythingsm
Jun 2, 2011
  1. This is my 2nd time posting, so if I've done something wrong let me know.

    I received a Java file and the problems started. My McAfee quarantined two Trojans (211DB.545 Generic Dropper.vagent & 4131E3.SYS Generic Dropper.vagent... I may be off with some of the info).

    Then I ran my Malwarebytes, and with a Quick Scan it found the items in the log below. I then deleted the bad files and rebooted as instructed by Malwarebytes.

    5/30/2011 3:06:43 PM
    mbam-log-2011-05-30 (15-06-43).txt

    Scan type: Quick scan
    Objects scanned: 166011
    Time elapsed: 20 minute(s), 3 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    c:\documents and settings\all users\application data\ggepskfpxtp.exe (Trojan.FakeMS) -> 4164 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ggePSKfpxtP (Trojan.FakeMS) -> Value: ggePSKfpxtP -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\ggepskfpxtp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.


    When my computer came back up: no desktop, no taskbar, no Explorer, could not System Restore, can't update Windows files. I then ran programs (Malwarebytes = found nothing, Spybot = Win32Palevo, SUPERAntiSpyware = 0; ran these in Safe Mode & regular mode). When my problem persisted I tried an XP Repair (I've done this before and it fixed my problems). This time the XP Repair hangs at the black Microsoft screen with the hourglass and does not complete the repair. I do a hard reboot (turn the computer off and on) and still have the same problems. I went to Folder Options and checked Show Hidden Files so I can see my files now; they had disappeared but the data was still on the drive.

    Please HELP. I have provided what I can for your 7 Step request.

    6/2/11
    Step 1: Ran McAfee - Nothing found (Quick & Full Scan)

    Step 2: I cannot get updates to Malwarebytes. I believe since I tried the XP Repair all updates were erased and my version is old, and as I start to update I get error messages. I tried to REMOVE the program to reinstall, and now my version doesn't show a date and says no updates available. CAN I DOWNLOAD THIS TO CD AND RUN IT ON THE BAD COMPUTER???

    Step 3: GMER
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-02 07:46:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500620AS rev.DE13
    Running: uioh329i.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\afnyrpow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF212]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF1D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF1E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF23C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF228]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF1FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----

    Step 4 DDS


    DDS (Ver_2011-06-01.06) - NTFSx86
    Internet Explorer: 6.0.2900.5512
    Run by Scott at 7:52:39 on 2011-06-02
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2451 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110516154635.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: download.microsoft.com
    Trusted Zone: internet
    Trusted Zone: live.com\help
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: update.microsoft.com
    Trusted Zone: windowsupdate.com
    Trusted Zone: windowsupdate.microsoft.com
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306968218859
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238625505953
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5570/mcfscan.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{828C2BA4-0F6E-453A-BB67-3E7A39EBCB20} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-26 64288]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-7 387480]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84200]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-14 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-7 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-7 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-7 141792]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-7 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-1 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-1 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-7 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88736]
    S0 cerc6;cerc6; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-7 84488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-1 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-1 40552]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 00:30:49 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-06-01 00:30:48 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2011-05-31 14:18:59 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
    2011-05-31 14:17:59 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
    2011-05-31 14:03:52 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-05-31 14:03:52 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-05-31 14:03:52 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-05-31 14:03:52 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-05-31 14:03:30 16535 ----a-r- c:\windows\SETB6.tmp
    2011-05-31 14:03:27 1088840 ----a-r- c:\windows\SETAA.tmp
    2011-05-31 14:03:26 1296669 ----a-r- c:\windows\SETA7.tmp
    2011-05-31 12:39:35 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
    2011-05-31 09:19:40 -------- d-----w- C:\ads
    2011-05-31 02:20:28 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-05-31 02:20:28 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2011-05-31 02:01:54 734438 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-05-31 02:01:16 16535 ----a-r- c:\windows\SET12E.tmp
    2011-05-31 02:01:12 1088840 ----a-r- c:\windows\SET122.tmp
    2011-05-31 02:01:11 1296669 ----a-r- c:\windows\SET11F.tmp
    2011-05-30 21:44:41 65536 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\1881E2.tmp
    2011-05-30 17:06:56 -------- d--h--w- C:\RECOVERY
    2011-05-30 16:29:32 -------- d--h--w- c:\windows\system32\wbem\Repository
    2011-05-30 16:29:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-27 22:38:07 6962000 ---ha-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{18203369-1c4e-4e53-b6d7-cbd98ef75552}\mpengine.dll
    2011-05-18 21:55:11 388096 ---ha-r- c:\documents and settings\scott\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-05-18 21:55:09 -------- d--h--w- c:\program files\Trend Micro
    .
    ==================== Find3M ====================
    .
    2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 21:01:38 95824 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 21:01:38 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 21:01:38 88736 ---ha-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 21:01:38 84488 ---ha-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 21:01:38 84200 ---ha-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 21:01:38 56064 ---ha-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 21:01:38 52320 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 21:01:38 387480 ---ha-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 21:01:38 314088 ---ha-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 21:01:38 153280 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-03 19:44:27 0 ---ha-w- c:\windows\Ybacafesuj.bin
    .
    ============= FINISH: 7:52:53.25 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-01.06)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/31/2011 7:19:40 AM
    System Uptime: 6/2/2011 7:12:59 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0G679R
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2792/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 12.302 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 5/31/2011 8:15:54 AM - System Checkpoint
    RP2: 5/31/2011 5:32:27 PM - Installed Windows Internet Explorer 8.
    .
    ==== Installed Programs ======================
    .
    6300
    6300_Help
    6300Trb
    7-Zip 4.57
    Acrobat.com
    ACT! 2000
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1.2
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Mobile Device Support
    Apple Software Update
    AviSynth 2.5
    BlackBerry Desktop Software 4.1
    BufferChm
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 2.2.3.258h
    CutePDF Writer 2.8
    Dell Resource CD
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    EZ-DUB
    EZ-DUB Finder
    Fax_CDA
    ffdshow
    Free File Recovery 1.1
    GoToAssist 8.0.0.514
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 7.0
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Product Assistant
    HP Software Update
    HP Solution Center 7.0
    ImgBurn
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.12.0
    Internet Explorer (Enable DEP)
    iTunes
    Java 2 Runtime Environment, SE v1.4.1_07
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 4.7.5 (Standard)
    LiveUpdate
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    McAfee Virtual Technician
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Fix it Center
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Windows XP Video Decoder Checkup Utility
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewCopy_CDA
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    Platform
    ProductContextNPI
    QuickTime
    Readme
    Realtek High Definition Audio Driver
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows XP (KB923789)
    SolutionCenter
    Spell Checker For OE 2.1
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware Free Edition
    SyncBack
    System Requirements Lab for Intel
    Toolbox
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VIA Platform Device Manager
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.0
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Live OneCare safety scanner
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    .
    ==== End Of File ===========================

    Step 5 Done

    Step 6 & 7 Done

    As everyone says, I would like to avoid a reformat if possible. I'm not great with computers, but as you can see I'm knowledgeable enough to get myself in a very bad jam. Thanks in advance for any help. In desperate straits right now.
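The following PowerShell is an added example and is not part of this thread or of any tool mentioned in it. It re-checks the four policy values and the Run-key persistence that the Malwarebytes log above reported, which is worth doing because the poster reports the desktop and Task Manager symptoms persisting after that cleanup. It assumes PowerShell 2.0 (Windows Management Framework Core, the package that delivers it, appears in the installed-programs list) and that it runs as the affected user; the function names are mine.

```powershell
# Added example, not from the TechSpot thread or from Malwarebytes/McAfee:
# re-check the four Explorer/System policy values the posted MBAM log reported
# as hijacked, and list Run-key entries that launch from the shared Application
# Data folder the dropper used. Function names are mine. Run it as the affected
# user (for HKCU) with administrator rights (for HKLM).

$PolicyChecks = @(
    @{ Hive = 'HKCU'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Name = 'NoChangingWallPaper'; Effect = 'wallpaper change blocked' },
    @{ Hive = 'HKCU'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDesktop';           Effect = 'desktop icons hidden' },
    @{ Hive = 'HKCU'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';      Effect = 'Task Manager disabled for this user' },
    @{ Hive = 'HKLM'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';      Effect = 'Task Manager disabled machine-wide' }
)

function Get-HijackedPolicy {
    # Emits one object per policy value that still exists with non-zero data.
    # The .NET registry API is used so this also runs on PowerShell 2.0.
    foreach ($c in $PolicyChecks) {
        $hive = $null
        if ($c.Hive -eq 'HKCU') { $hive = [Microsoft.Win32.Registry]::CurrentUser }
        else                    { $hive = [Microsoft.Win32.Registry]::LocalMachine }
        $key = $hive.OpenSubKey($c.Key)
        if ($key -eq $null) { continue }        # policy key absent: nothing is set
        $value = $key.GetValue($c.Name)
        $key.Close()
        if ($value -ne $null -and [int]$value -ne 0) {
            New-Object PSObject -Property @{
                Path   = "$($c.Hive):\$($c.Key)"
                Name   = $c.Name
                Value  = $value
                Effect = $c.Effect
            }
        }
    }
}

function Clear-HijackedPolicy {
    # Deletes the values found above (the MBAM log shows it deleted them too).
    # This is the only write in the script; review Get-HijackedPolicy first.
    foreach ($h in Get-HijackedPolicy) {
        Remove-ItemProperty -Path $h.Path -Name $h.Name
        Write-Host ("Removed {0}\{1}" -f $h.Path, $h.Name)
    }
}

function Get-RunEntryFromCommonAppData {
    # Lists Run-key values whose command lives under the shared Application Data
    # folder (C:\Documents and Settings\All Users\Application Data on XP), where
    # the dropper ggepskfpxtp.exe in the posted log lived. Legitimate updaters
    # can live there too, so treat the output as a review list, not a kill list.
    $commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
    foreach ($root in @('HKCU', 'HKLM')) {
        $path = "$($root):\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata such as PSPath
            if ("$($p.Value)" -like "*$commonAppData*") {
                New-Object PSObject -Property @{ Hive = $root; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# Read-only report first; uncomment the last line only after reviewing it.
Get-HijackedPolicy            | Format-Table Path, Name, Value, Effect -AutoSize
Get-RunEntryFromCommonAppData | Format-Table Hive, Name, Command -AutoSize
# Clear-HijackedPolicy
```

If Get-HijackedPolicy prints nothing yet Explorer still shows no desktop, the cause is something other than these policy values (for example the rogue's hidden-attribute trick the helper describes below), so the report is a way to rule the policies out before running anything else.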
     
  2. Bobbye

    I will be glad to help with the malware. There are rogue malware programs on the system. These programs make it appear that programs and files are gone; they are not, they have been hidden. But we will run a program to 'unhide' them, because changing the setting to 'show hidden files and folders' doesn't work for this.

    It also appears that you have one of the rogue 'error fix' programs. This one will alert you to numerous "errors" on the system; they are false also, and it's important that you don't act on them. Once you click on the button they say you need to in order to 'fix' the 'error', you get more malware.

    Be patient. Hopefully we will find and remove the malware entries and you will have everything back again!
    ==========================================
    You need to remove all of these sites from the Trusted Zone. The security is lower in that zone and you have put the entire internet into it!
    Open Internet Options either through Tools in IE or in the Control Panel> Select the Security tab> Click on Trusted Sites> Sites> highlight and remove all of these sites:
    NONE of these sites need to be in the Trusted Zone!
    Click on Apply when through> OK
    =====================================
    Do not do a System Restore. Do not try to do updates. Do not run any programs except those I instruct you to. Be patient. Everything is still in the system. Follow my instructions and run programs in the order I give them. If you have a problem with a program- don't try to fix it>> let me know so I can guide you.
    ======================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning for malware.
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the ESET Smart Installer button to download it. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export to text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
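The Trusted Sites step in the reply above is done through the Internet Options dialog. The PowerShell below is an added example, not part of the thread or of any tool in it, that does the same thing from the registry key that dialog edits, so the full list of trusted hosts (including ones the dialog shows one at a time) can be reviewed and cleared in one pass. It assumes PowerShell 2.0 and the documented ZoneMap layout (Domains\<domain>[\<subdomain>] with one DWORD per scheme, where 2 is the Trusted zone); the function names are mine.

```powershell
# Added example, not from the TechSpot thread: list and clear Trusted Sites
# (zone 2) entries by reading the ZoneMap registry key that Internet Options >
# Security > Trusted Sites > Sites edits. Function names are mine; the key
# layout (Domains\<domain>[\<subdomain>], one DWORD per scheme) is Internet
# Explorer's security-zone layout. The .NET registry API is used so it runs
# on PowerShell 2.0 and never treats a value named '*' as a wildcard.

$ZoneMapDomains = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$TrustedZone    = 2   # 0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted

function Get-ZoneMapEntry {
    # One object per (host, scheme) pair. Key 'microsoft.com' with subkey 'update'
    # means host update.microsoft.com; a value named '*' covers every scheme,
    # 'http' or 'https' just one. Zone is the DWORD data of that value.
    param([Microsoft.Win32.RegistryKey]$Hive = [Microsoft.Win32.Registry]::CurrentUser)
    $root = $Hive.OpenSubKey($ZoneMapDomains)
    if ($root -eq $null) { return }
    foreach ($domain in $root.GetSubKeyNames()) {
        $domainKey = $root.OpenSubKey($domain)
        # the domain key itself plus each subdomain key beneath it
        $leaves = @(@{ Key = $domainKey; Host = $domain; Rel = "$ZoneMapDomains\$domain" })
        foreach ($sub in $domainKey.GetSubKeyNames()) {
            $leaves += @{ Key = $domainKey.OpenSubKey($sub); Host = "$($sub).$($domain)"
                          Rel = "$ZoneMapDomains\$domain\$sub" }
        }
        foreach ($leaf in $leaves) {
            foreach ($scheme in $leaf.Key.GetValueNames()) {
                New-Object PSObject -Property @{
                    Host   = $leaf.Host
                    Scheme = $scheme
                    Zone   = [int]$leaf.Key.GetValue($scheme)
                    Rel    = $leaf.Rel
                }
            }
            $leaf.Key.Close()
        }
    }
    $root.Close()
}

function Remove-TrustedZoneEntry {
    # Deletes every scheme value that maps a host to the Trusted zone, then drops
    # keys left with no values and no subkeys, which is what the dialog's Remove
    # button does. -DryRun only reports. Close Internet Explorer first.
    param([Microsoft.Win32.RegistryKey]$Hive = [Microsoft.Win32.Registry]::CurrentUser,
          [switch]$DryRun)
    $trusted = @(Get-ZoneMapEntry -Hive $Hive | Where-Object { $_.Zone -eq $TrustedZone })
    foreach ($e in $trusted) {
        Write-Host ("Trusted Sites entry: {0} ({1})" -f $e.Host, $e.Scheme)
        if ($DryRun) { continue }
        $k = $Hive.OpenSubKey($e.Rel, $true)      # writable handle
        $k.DeleteValue($e.Scheme)
        $empty = ($k.ValueCount -eq 0 -and $k.SubKeyCount -eq 0)
        $k.Close()
        if ($empty) { $Hive.DeleteSubKey($e.Rel) }
    }
    if (-not $DryRun) {
        # a domain key can be left empty once its subdomain keys are gone
        $root = $Hive.OpenSubKey($ZoneMapDomains, $true)
        if ($root -ne $null) {
            foreach ($domain in $root.GetSubKeyNames()) {
                $d = $root.OpenSubKey($domain)
                $empty = ($d.ValueCount -eq 0 -and $d.SubKeyCount -eq 0)
                $d.Close()
                if ($empty) { $root.DeleteSubKey($domain) }
            }
            $root.Close()
        }
    }
    return $trusted.Count
}

# Review first, then run the removal for real.
Get-ZoneMapEntry | Where-Object { $_.Zone -eq $TrustedZone } | Format-Table Host, Scheme, Rel -AutoSize
Remove-TrustedZoneEntry -DryRun | Out-Null
# Remove-TrustedZoneEntry
# Remove-TrustedZoneEntry -Hive ([Microsoft.Win32.Registry]::LocalMachine)   # if zones are machine-only
```

Two caveats: if the "Security Zones: Use only machine settings" policy is enabled, Internet Explorer reads the HKLM copy of ZoneMap instead, so pass the LocalMachine hive as in the last line; and IP ranges or wildcard entries live under ZoneMap\Ranges rather than Domains and are not covered by this example.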
     