0

Hi,

I'm currently on my works PC, but after 2 days of suffering this bitch and trying various solutions to no avail, I thought I better get the ball rolling...

I am running Windows XP and the virus has rendered use of task manager and deletion of the virus DLL file impossible. I can access safe mode and have been able to access and run Malwarebytes, but only when in the safe mode command prompt and when logged in as 'Administrator', rather than myself.

Where do I go next with this and what other information do you require?

Thanks in advance :)

0

Try the following steps. Boot to Safe Mode with Networking if possible.
Go to this download page link
http://www.bleepingcomputer.com/download/anti-virus/rkill
When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with this infection.
Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Windows Error Correction and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the infection when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate the infection processes. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.

If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. All of the files listed there are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.

After rkill has run then attempt to update MBA-M and run a new full scan with it. Have it remove everything found and THEN reboot the computer.

Post back here with that MBA-M log if possible.
Also see if you can run the other programs requested in our Read Me Sticky and post back with those logs.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Edited by jholland1964: n/a

0

Try using a licensed anti-virus like Norton and run a full scan on all the drives you have...

0

Try using a licensed anti-virus like Norton and run a full scan on all the drives you have...

A licensed anti-virus program is certainly not required to keep a computer clean; there are several excellent free programs that work as well as, if not much better than, a licensed product, and at this point, until the infection processes are stopped, there is not a single program that is going to scan the computer and clean it, licensed or free. That is what these types of infections do: disable cleaning tools or stop them from starting entirely. You should do some research before posting recommendations.

0

Hi, finally managed to transfer this scan via my Android phone (was rather worried about doing this tbh, but the phone seems ok). It seems pretty small in comparison with the others that have been posted, but hopefully it will tell you something:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4305

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

10/03/2011 18:42:55
mbam-log-2011-03-10 (18-42-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 248454
Time elapsed: 1 hour(s), 42 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Casino\Betfair Casino\_SetupCasino_395a[1].exe (Adware.Casino) -> Quarantined and deleted successfully.

Unfortunately, safe mode with networking isn't functional and I can gain no internet access through the infected PC.

As regards the Read me; I have disabled Ares file sharer as requested, but have none of the programs listed. I do have a file called 'Hijack This' though, if that is of any use?

Thanks.

0

Sorry to tell you, but your version of MBA-M is at least 6 months old. The current version is 1.50 and the database is nearly 2000 farther ahead than what you have, so even though your scan found and removed items there must be many others, because your version wouldn't have the capability of scanning for any infections released since your program was last updated.
The programs on the Read Me Sticky must be downloaded and run, the links are there, very few people would have these on their computers as a matter of course.
Try to download all, including a new version of MBA-M onto a flash drive and take them to the infected computer and install them from that drive.

0

Hi, I now have every download that has been mentioned, including RKill and have managed to transfer them to the infected PC. I am just running an MBA-M scan now and will endeavour to get back to you tomorrow with the results of that and of the other programs.

Thanks once again.

0

I came across a computer with something very similar to this.

The way I got it removed was, as mentioned, leaving the warning up and trying my programs again, and I actually got it gone. The programs I used were as follows:

1) Ensure install of Hi-Jack-This (HJT), EasyCleaner (EC), Avast Anti-Virus (AAV) (or AVG), MalwareBytes (MBM), and Super Anti-Spyware (SAS).
2) Boot to regular Safe Mode and attempt an HJT scan; if successful, eliminate all items found.
3) Open EC and run Startup Scan. Eliminate all items that are marked Red and Yellow and anything questionable and unnecessary.
4) In EC run Registry Scan and (depending on Vista for OS) eliminate the tracking files and any strange-valued Reg Keys.
5) Open MBM and do a full scan and eliminate all files found.
6) Open SAS and do a full scan and eliminate all files found.
7) Open AVG or AAV and do a full scan and eliminate all files found.

Once this is all done I restarted the computer and all worked out fine and no more problems. Give it a shot and see how things are.

Note: If using Win Vista, Be very CAREFUL when using EASYCLEANER... Be sure to read over everything in the registry scan in that OS before deleting anything because it may detect some of the required ".INI" Files as infection threads in the registry.

Also to be safer make a drive image of the computer or a System Restore Point before using this method since if done wrong, or in a case of loss of power, it can damage the system and require a System Restore.

Edited by DAS-03590: n/a

0

Thanks for your input DAS. Alfreton Red is following our recommended steps to remove the infection.
I want to caution on two items, EasyCleaner for one. Registry cleaners are really not recommended. If there are infected registry entries then MBA-M will remove them as will any other tools we may recommend at a later date.
System Restore should most definitely be left alone until the clean up is complete.

0

Well, it is fine, but with the one I got I had to use it in order to get the infection gone so I could open the others up in Safe and normal modes. But that is also why, even if my computer is infected, I make a backup of the drive in case anything does go wrong; then you would lose nothing. It's just what I do and really it has been a good little habit to have. Though it is understood that a backup is recommended for a cleaned system.

0

I understand all you are saying, however, the middle of somebody else's working thread is not the place for discussion of other methods. It can cause great confusion for the original poster and those working with them on the thread. This can be called thread hijacking and is not allowed or tolerated.

What may have worked for one computer may not work for another. We are not 100% certain WHAT infection is on the computer, even though it seems to be similar to what you had on yours it may not be the same at all and may require totally different steps.

I will say again, we ask for specific steps as a beginning in our Read Me Sticky found here http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

These steps are what the original poster is now following. Once those steps are completed and the logs are posted then we shall proceed to run other programs IF needed. If not then final instructions will be given to maintain the computer.

Edited by jholland1964: n/a

0

Hi Again,

Please see below the results of my MBA-M log and the 2 DDS logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

15/03/2011 23:43:19
mbam-log-2011-03-15 (23-43-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 259994
Time elapsed: 1 hour(s), 51 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\20be3a4c.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\29a97848.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3d9b4892.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3f5336cd.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\419207f1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\55f08d89.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5c0ade3f.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\61290c19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\71521502.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\854d9ec7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\958f1f5b.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9784b5c7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\a988a1ae.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\acd40f2b.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ae7e26c9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\b34ea042.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\b6cbbf59.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bbe02db2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\c31085af.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\cd44dbab.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\d2e90bd3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\dc0ecd1b.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\e356f849.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\e54b15d0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\f106fbce.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\fa0d6f8c.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\fd0b3815.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\stephen clark\local settings\Temp\ijkuhsf987euf9hsu7eygd.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\joidfj87se9fuiuosdj.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\stephen clark\local settings\Temp\joidfj87se9fuiuosdj.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.

The normal DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Administrator at 22:42:20.96 on 16/03/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1215.851 [GMT 0:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - c:\progra~1\orange3\orange3.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0000.1082\en-gb\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kfonup] rundll32.exe "c:\windows\egivirebanu.dll",Startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} - hxxp://www.pplive.com/download/WEBInstall.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-7-12 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-12 216400]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-12 29584]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-12 243024]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-12 921952]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-12 308136]
S2 gupdate1c9ed1d70e47668;Google Update Service (gupdate1c9ed1d70e47668);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-12 431432]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> c:\program files\ares\tcpip_patcher.sys [?]
.
=============== Created Last 30 ================
.
2011-03-16 21:19:54 672256 -c--a-w- c:\docume~1\alluse~1\applic~1\6322515.exe
2011-03-15 21:47:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-14 21:39:29 672256 -c--a-w- c:\docume~1\alluse~1\applic~1\318062.exe
2011-03-09 23:36:55 672256 -c--a-w- c:\docume~1\alluse~1\applic~1\17288343.exe
2011-03-08 22:12:07 672256 -c--a-w- c:\docume~1\alluse~1\applic~1\38640.exe
2011-03-08 22:08:38 672256 -c--a-w- c:\docume~1\alluse~1\applic~1\42578.exe
2011-03-08 19:53:50 -------- dc----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-07 20:14:09 696320 -c--a-w- c:\docume~1\alluse~1\applic~1\KDfipsQcxuWorYT.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2006-08-26 11:05:54 6206440 -c--a-w- c:\program files\winamp524_full_emusic-7plus.exe
2006-08-26 10:36:52 15149416 ----a-w- c:\program files\DivXInstaller.exe
2006-08-24 19:27:02 49083656 -c--a-w- c:\program files\AoE2demo.exe
2006-08-24 04:22:53 1542120 -c--a-w- c:\program files\aresregular192_installer.exe
2006-08-24 03:45:33 278528 -c--a-w- c:\program files\common files\FDEUnInstaller.exe
2006-08-23 23:35:00 996032 -c--a-w- c:\program files\mfme-32.exe
.
============= FINISH: 22:43:05.89 ===============

The DDS 'Attach' log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 24/08/2006 03:41:59
System Uptime: 16/03/2011 19:34:31 (3 hours ago)
.
Motherboard: Foxconn | | 661 7MI
Processor: Intel(R) Celeron(R) CPU 2.80GHz | Socket 775 | 2800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 28.38 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32Red Poker Room
4oD
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
AutoUpdate
AVG 9.0
Betfair Casino
Betfair Poker
Bing Maps 3D
CA eTrust Antivirus
Championship Manager 2010 Challenge Demo
ChildGuard
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
Critical Update for Windows Media Player 11 (KB959772)
DivX
DivX Converter
DivX Player
DivX Web Player
Driving Test Success - All Tests (2008-2009)
eMusic - 50 Free MP3 offer
eTrust Registration
Football Manager 2006 Gold Demo
Football Manager 2007
Football Manager 2007 Gold Demo
Football Manager 2008 Gold Demo
Football Manager 2009 Demo
Football Manager 2010 Demo
Fruit Machine Emulators
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 1.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Ladbrokes Poker
Lexmark 730 Series
LG PC Suite
LG USB Modem driver
Malwarebytes' Anti-Malware
Media Go
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Age of Empires II Trial Version
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (November 2008)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft Zoo Tycoon
Mozilla ActiveX Control v1.7.12
MSN Search Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NoLimits Coasters Demo 1.55 (remove only)
Orange Search Toolbar
ParetoLogic FileCure
PokerStars
Power2Go 4.0
PowerDVD
PowerStarter
PPStream
QuickTime
RealPlayer
Roll
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Smart Link 56K Voice Modem
Sony Ericsson PC Suite 1.20.173
SopCast 3.2.8
Tesco internet access dialler
Theme Hospital
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.18
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Westwood Shared Internet Components
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
15/03/2011 23:47:08, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
14/03/2011 21:49:45, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%5" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
11/03/2011 16:50:13, error: Service Control Manager [7022] - The KService service hung on starting.
11/03/2011 16:48:52, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/03/2011 19:48:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/03/2011 19:47:00, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/03/2011 19:46:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/03/2011 19:44:29, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/03/2011 19:44:29, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/03/2011 19:44:29, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/03/2011 19:44:29, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/03/2011 19:44:29, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/03/2011 19:02:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m AFD agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 AvgLdx86 AvgMfx86 AvgTdiX cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Fips hpn i2omp ini910u IntelIde intelppm IPSec mraid35x MRxSmb NetBIOS NetBT PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 RasAcd Rdbss Sparrow symc810 symc8xx sym_hi sym_u3 Tcpip TosIde ultra viaagp ViaIde
09/03/2011 18:59:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================


Thanks once again :)

0

There is still infection showing in the logs.
Uninstall all of these programs:
CA eTrust Antivirus
AVG 9.0
ParetoLogic FileCure

Then do the following:
Please run the ESET Online Scanner:

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer or Firefox to complete this scan, and you will need to allow an ActiveX control to be installed.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created at C:\Program Files\EsetOnlineScanner\log.txt.

Post back with that log.

0

I will uninstall the aforementioned, no worries. However, from clicking the link provided it: 1 - Does not appear to work and 2 - If this is an online scanner I won't be able to run it on my PC, considering I can't obtain internet access?

0

You still cannot get online? When was the last time you tried? How do you normally connect?

0

Just a question of curiosity... Why uninstall AVG 9.0?

0

Because it is out of date, for one thing, and for another, it is just not a very good AV program. I see more infected computers running AVG, any version, than any other AV program. It ranks much lower in independent UNPAID testing than most other programs. Plus, the poster had three anti-virus programs installed and running on the machine, meaning none of them would work correctly. The absolute rule is ONE anti-virus program and ONE firewall should be running on a computer, no more.
