Inactive Hello, and I've got a booger of a bug

Status
Not open for further replies.
1

12ozRuss

Posts: 11   +0
Hi there,

Let me start by saying I have been following your boards for a while and just have joined. In the past reading your various posts have helped me get rid of simple adwares and malwares. But this time I believe I have caught a nasty one.

I cannot find the name of this virus so I'm not exactly sure what I am looking at. 3 days ago while my wife was tooling on the computer she somehow got the " XP Security 2012" Malware. I ran through the steps I found and thought I was rid of it, but then it just got worse. It seems that I have lost all permissions to scan, install, or run anything. I have downloaded Malwbytes, Combofix, adaware, hijackthis, rkill, gmer, everything I can find. I have installed these and tried to run them in safe modes (renaming and all) individually but cannot get anything to scan with out the program crashing. No logs to be found. I can see the thing running in my Processes under windows task mgr, but I can't stop it, or find it anywhere in my files by searching for it. The running process is:
3109447242:3046746438.exe it uses 480k memory as it runs.

I have tried stopping every service to see if it was attached to one. It starts up no matter what. And in Safe mode as well. I'm really at a loss. This PC has alot of goodies I do not want to lose. What should I do next? How do I get my permissions back?

Thanks in advance and sorry for the largte paragraph.....
-RW
 
Welcome to TechSpot! I'll help remove this frequent flyer.

If you have a System Restore Point set not too many days before you started 'gathering programs', restore the system to that date. If you do not know how to do this, please let me know- just tell me which OS you have.

This should remove all or most of these: "Malwbytes, Combofix, adaware, hijackthis, rkill, gmer, everything I can find."[/b] (See uninstaller for Combofix)

Sometimes users will go into panic mode and gather random programs, not knowing if they are appropriate or not. You comment of 'everything I can find' alerts me to tell you to stop!

If any of the other programs remain, or if you don't have a restore point, remove the programs in Add/Remove Programs, . Then use Windows Explorer (Right click on Start> Explore)> My Computer> Double click on Local Drive (C)> Programs> find the program folder for each of the scan you used and do a right click> Delete on each.

I hope this will restore the Service setting. If it does not, I'll have you check in the Event Viewer to see what's not running.

You will need to do this for Combofix: Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
=============================================
That being done, we will start at the beginning and deal with any problem that comes up. The infection you have comes on like a bear, but done right, it can be easily removed:

The following should be run in Normal Mode if you can. If you have any problem running a scan, please let me know and do not add programs unless I instruct you to. Hopefully this will stop you from running programs that are not appropriate for the infection.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
Please do not change any settings unless I instruct you to.
 
Thanks for the reply. I am working on the 7 steps currently.

Windows XP Media Edition SP3


sorry didn't mention that already
 
Ok,
It would not allow me to do a system restore to a point existing before the infection. It would allow me to do a restore to earlier today so I did that. I did make sure all of the programs that I have installed are uninstalled.

I then went to the seven steps but have already failed on the first.
I downloaded and installed Avira with no problem, but it would not allow me to update giving me an error ( random charactors). It also would not do a full system scan without stopping in the beginning.

Thank you again...

Shall i continue to the next steps?
 
You don't know for sure when the infection was put of. I just wanted your use a system restore point to the closer date before you changed entries, Services, around and used multiple cleaning programs.

Please continue on. Remember if you get to where you can't do something, stop and tell me and I will help.

You do not need to run the scan with Avira- I have you do an online virus scan at the right point. And I'm wondering why you doesnloadrd Avira whwe you already had Norton

If ou're following this> https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
There is no 7th step

When I see your logs, I will get some idea what is not the system
 
Hi there again,

I was not running Norton, sorry if something in my messages indicated that.

Ok, I DL'd Malwarebytes from you site. Again it ended abruptly. No Log could be found for this run.
 
So far DDS is the only scan I can get to complete.
gmer did the same thing as Malwarebytes. It would start and then within 20 seconds just disappear with no error or anything. Then will not let me run the program again due to permissions.

Here is the DDS Test Log


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Owner at 11:27:05 on 2011-08-11
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
IE: &Search
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} - hxxp://rockyou.com/RockYouImageUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ssl.dacor.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner.your-1bc968e400\application data\mozilla\firefox\profiles\lepof94h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {B988DC76-4413-474C-8293-2DEE93C09E34} - c:\documents and settings\owner.your-1bc968e400\local settings\application data\{B988DC76-4413-474C-8293-2DEE93C09E34}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Megaupload Toolbar: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} - %profile%\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-08-11 15:20:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-11 15:20:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 15:20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 01:04:41 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\application data\Avira
2011-08-11 01:02:55 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 01:02:54 -------- d-----w- c:\program files\Avira
2011-08-11 01:02:54 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-08-10 21:52:49 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-10 21:52:48 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-10 21:52:13 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-08-10 21:29:03 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\application data\SUPERAntiSpyware.com
2011-08-10 21:28:43 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-10 21:28:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-10 21:28:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-10 21:27:28 -------- d-----w- c:\windows\system32\CatRoot2
2011-08-10 21:25:18 98816 ----a-w- c:\windows\sed.exe
2011-08-10 21:25:18 518144 ----a-w- c:\windows\SWREG.exe
2011-08-10 21:25:18 256000 ----a-w- c:\windows\PEV.exe
2011-08-10 21:25:18 208896 ----a-w- c:\windows\MBR.exe
2011-08-10 21:25:06 -------- d-s---w- C:\readstgo
2011-08-10 20:29:36 -------- d-sh--w- C:\found.000
2011-08-10 03:21:53 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\local settings\application data\Deployment
2011-08-10 02:20:23 -------- d-sh--w- c:\documents and settings\owner.your-1bc968e400\UserData
2011-08-09 21:47:04 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\application data\AVG8
2011-08-09 03:01:57 79408 ----a-r- c:\program files\oooii
2011-08-09 02:03:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-09 01:10:19 -------- d-s---w- C:\something
2011-08-09 00:55:11 -------- d-s---w- C:\russell
2011-08-08 23:55:07 37392 ----a-w- c:\windows\system32\drivers\00510942.sys
2011-08-08 23:55:07 315408 ----a-w- c:\windows\system32\drivers\0051094.sys
2011-08-08 23:55:07 128016 ----a-w- c:\windows\system32\drivers\00510941.sys
2011-08-07 16:24:03 -------- d-----w- c:\program files\common files\PC Tools
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2007-09-17 17:07:53 944797 ----a-w- c:\program files\wrar300.exe
2007-09-17 17:07:49 10278761 ----a-w- c:\program files\diner dash 2 (full).exe
.
============= FINISH: 11:28:18.79 ===============


Attach Log :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3D MP3 Sound Recorder G2 RL4.04
7300
7300_Help
7300Trb
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiOSoftware
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAPI Update
Athlon 64 Processor Driver
Audacity 1.3.12 (Unicode)
AutoUpdate
AVI MPEG Converter 3
Avira AntiVir Personal - Free Antivirus
BigFix
Bonjour
BufferChm
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Comcast Universal Installer v1.2
Compatibility Pack for the 2007 Office system
Convert VOB to AVI 1.7
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Desktop Doctor
Destinations
Digital Media Reader
DIGOpt
Director
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
Dora's Carnival 2: Boardwalk Adventure
DreamStation DXi2
DVD Solution
EZ MPEG TO AVI Converter 3.00
Fax
FFmpeg for Audacity on Windows
FlipShare
Free DVD ISO Burner version 1.2
GdiplusUpgrade
Google Gears
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
ImgBurn
InfoRapid Search & Replace
InstantShare
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 21
Jumpgate Classic 1.0112
Juniper Networks Secure Application Manager
Juniper Networks Secure Meeting 5.5.0
K-Lite Codec Pack 3.6.5 Full
LAME v3.98.2 for Audacity
Line 6 Edit (remove only)
Linksys EasyLink Advisor 1.5 (1010)
LiveUpdate 2.7 (Symantec Corporation)
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Mega Manager
Megaupload Toolbar
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
MobileMe Control Panel
MovieEdit Task
Mozilla Firefox (3.0.19)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Napster Burn Engine
Nero Media Player
NVIDIA Drivers
NVIDIA PhysX
Online Community Suite 2.0
PanoStandAlone
PhotoGallery
PhotoStitch
ProductContext
QFolder
QuickTime
RAW Image Task 2.1
Readme
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite Gateway
Rhapsody Player Engine
Roblox for Owner
Safari
Scan
ScannerCopy
SDFormatter
Seagate Manager Installer
Search Settings v1.2.3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
Sonic Encoders
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
Steam
SUPERAntiSpyware
TrayApp
TurboTax 2008
TurboTax 2008 wgaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2007
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Viewpoint Media Player
WBFS Manager 3.0
WebFldrs XP
WebReg
Windows Audio Recorder Professional 4.02
Windows Backup Utility
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
winpwn-2.5 2.5.0.0
WinRAR archiver
WinSCP 4.1.6
.
==== End Of File ===========================
 

Attachments

  • attach.txt
    15.7 KB · Views: 2
See if this helps:

Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

Once done, try running a scan again> but with this change>>>>>>

Update and rescan with Malwarebytes:Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.
 
The program did generate random MWB names and each did load, but all closed within 4-5 seconds with no errors or logs.
 
Please run the following:


Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan)
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

I need to see these logs. Please follow all directions.

Did you do the System Restore? Did it make any Difference?

I have tried stopping every service
Click to expand...
Did you get the Services running again correctly? If they are not, then it's possible that no matter what you try to do, it won't work
 
II tried System restores dated before yesterday and when the pc started back up it said it could not restore and no changes were made. The only restore point it would allow was from early yesterday and I really couldn't tell a difference.

Here are the logs from Rkill and exehelper:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/11/2011 at 13:58:57.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 08/11/2011 at 13:59:04.





exeHelper by Raktor
Build 20100414
Run at 13:59:21 on 08/11/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
[ Did you get the Services running again correctly? If they are not, then it's possible that no matter what you try to do, it won't work[/QUOTE]

I started all services having to do with internet and essentials.
If I do start every service my pc gets bogged down and will not hardly run at all.
Meaning that it is way too slow and will not allow access to any exe files or internet.

I did however try to star all services to get these programs in the 6 steps to run,
but to no avail.
 
For the record the PC will not boot in safe mode.
Is there any way to go in an manually get my permissions back? I can't run anything without getting access denied now.
 
I am not confident that you are knowledgeable enough to know which Services must be set to Automatically start on boot, which can be set to Manual and which can be disabled. To that end, please review the Safe Setting here: Scroll own to the chart:
Black Viper’s Windows XP x86 (32-bit) Service Pack 3 Service Configurations..
Set your Services accordingly. And take care to make sure any of the Dependencies are set to either Manual or Automatic.

If these aren't set correctly, no matter what else we do, we may get nowhere. When you have finished reconfiguring the Services, let me know and we'll continue.
 
Been away on business...

Thank you for posting the services guide. I did start all of the correct services up. Unfortunately when I do this, I lose all functionality of the computer. It seems that the virus is attached to one or more of the services. I believe at this point I am going to take the harddrive out and see if I can get it serviced.

A friend suggested buying a USB/IDE cable and slaving the harddrive to another machine and running the anti malware to scan it that way. Does this sound logical?
 
It would not allow me to do a system restore to a point existing before the infection
Click to expand...

That is not what I asked you to do. I only wanted you to restore to the point before you started the random programs to try and get rid of the malware! There is a big difference!

I'm trying to undo the damage you did by this:
I have downloaded Malwbytes, Combofix, adaware, hijackthis, rkill, gmer, everything I can find. I have installed these and tried to run them in safe modes (renaming and all) individually but cannot get anything to scan with out the program crashing
Click to expand...

And if the Services are set correctly, that should not prevent the system from running. You hve been icking and choosing what you think needs to be stopped or even started- that is not the way to clean malware. A cleaning is a very orderly process. It can also make a difference in the order that the scans are run.

Unless something you did trying to 'fix' the system made the change, if it's a Service it should be seen in Combofix or one of the other scans.

You have an extraordinary number of addon, most are Active X. Open IE> Tools> Choose 'run without addons.'
If you can't do that, manually stop:
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} - hxxp://rockyou.com/RockYouImageUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ssl.dacor.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
Click to expand...
There are 3 outdated versions of Java on the system. They need to be removed:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.
Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
You will have malware in the Java cache because of this, so it has to be emptied:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
========================================
Can't you boot into Normal Mode?
 
Ok, sorry for the misunderstanding. What I should have said is, I tried to do a system restore to 6 different restore points. It would only restore to a point set earlier the day you asked me to. So it was no good either way. I cannot do any system restore now, because the machine eventually quit responding to anything I tried. No programs would run, I could not boot in ANY other mode at all without crashing, and I couldn't run the Windows XP ME disk without crashing.

So now I have pulled the drive, and attached it as a slave to an older PC I have running XP ME. I have the drive being scanned by AVG currently and it has Identified "Win32/Katusha.a" attached to 34 files (most of which are anti virus, google updates, and Windows security files. It has also detected 3 instances of a Trojan called "Agent2.AWEB" . It is only 57% of the way finished scanning.

I sincerely appreciate your effort in assisting me in this, but I could no longer operate the system in its current condition. I'm pretty sure my Windows installation is hosed on this drive, but if I can get it clean and save all of my important files, I'll be happy man.
 
It would appear that the only way you're going to get the system operable again is to do a reformat/reinstall.

The important files should have been on a back up. So much has been done to the system in an effort to 'fix' it, that it has become so unstable you can't boot.

I wish I could make you a 'happy man', but I don't think it's going to happen with this system. You it is extremely vulnerable with all those Active X entries. Those are the ones I quoted in my Reply #16.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
476
eriksnyman1
E
B
Help with "special permissions" please
Replies
1
Views
531
Nelson28
N
dcovalencia
Solved Downloaded a .exe file from a copy of a website
Replies
23
Views
3K
Broni
Broni

Latest posts

Back