Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Help needed with infection

 
LuisM
Newbie


Joined: 02 May 2012
Last Visit: 03 May 2012
Posts: 1
Location: Miami, FL US

Posted: Wed May 02, 2012 9:13 pm    Post subject: Help needed with infection

Hello,

I'm a computer professional (SQL DBA) which also makes me the official family's computer technician. I've been dealing with a severe malware infection on my father's PC for a week now and I still can't seem to be able to get rid of all traces of malware/spyware. When I started a week ago the computer was barely alive. I've run Malwarebytes, Superantispyware, Norton AV 2012, TDSKiller, performed an in-place reinstall/repair of Win XP and removed/reinstalled Firefox and most plugins. I still see strange behavior like the Firefox start page keeps getting changed to Searchcore.net and Babylon Search keeps being set up as the default search engine. I have run multiple passes of all programs listed above in both Normal and Safe modes and have been getting no infection reports for the last couple of days. Any assistance you can provide will be very much appreciated. Below are the DDS logs.

Thanks in advance
Luis
------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by OrlandoM at 0:02:53 on 2012-05-03
.
============== Running Processes ===============
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\OrlandoM\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9D0gNIIJxqUS3HJFTkr8IUesYKFMDS6nvlGi6wMOZhQlbAYhPbeAa73QTlOe2/YJJXdHYIckyrCowyIivvVKlybW7Q/d9nDnQEoN1wRcjDXAj1eash2g8Tcg=
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Searchcore Toolbar: {af6ac4f2-9825-4fb6-a600-92bc5361f209} - c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Searchcore Toolbar: {af6ac4f2-9825-4fb6-a600-92bc5361f209} - c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {2D51D869-C36B-42bd-AE68-0A81BC771FA5} - No File
EB: {7BED0340-176B-44bc-915E-C21C1DD6F617} - No File
uRun: [Google Update] "c:\documents and settings\orlandom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Email] C:\Program Files/Email/Internet/run.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=200401157&p=YWxdm001YYus&si=maps4pc&a=2D31BFB2-7462-4BF5-8A1E-CCC82FD2D9A1&n=2011090521
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nB0SxiVsv
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499332802
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{98FB3A88-1455-4916-A79B-D4E533AFB7AC} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{E5E1DB2F-C09D-41CF-90CE-AEFC00F780B9} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: protector.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\orlandom\application data\mozilla\firefox\profiles\50v1qdea.default\
FF - prefs.js: browser.search.selectedengine - search the web (babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.searchcore.net/426
FF - prefs.js: keyword.url - hxxp://search.babylon.com/?af=110397&babsrc=adbartrp&mntrid=dcc7dcf800000000000000132059d65f&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? gupdatem;Google Update Service (gupdatem)
R? LMIRfsClientNP;LMIRfsClientNP
R? MozillaMaintenance;Mozilla Maintenance Service
S? !SASCORE;SAS Core Service
S? BHDrvx86;BHDrvx86
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? gupdate;Google Update Service (gupdate)
S? IDSxpx86;IDSxpx86
S? IDVaultSvc;CGPS Service
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? N360;Norton Security Suite
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
.
=============== Created Last 30 ================
.
2012-05-02 19:49:05 -------- d-----w- c:\windows\system32\Extensions
2012-05-02 07:39:56 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-02 07:38:22 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-02 07:38:22 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-02 07:38:22 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-05-02 07:38:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-05-02 07:38:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-02 07:38:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-02 07:38:21 11082752 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-05-02 04:28:49 -------- d-----w- c:\documents and settings\orlandom\application data\SUPERAntiSpyware.com
2012-05-02 04:27:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-02 04:27:33 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-02 02:25:51 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-02 02:25:20 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-05-02 02:24:57 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-02 02:23:55 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-02 02:22:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-05-02 02:21:25 1860096 -c----w- c:\windows\system32\dllcache\win32k.sys
2012-05-02 02:20:27 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-05-02 02:20:06 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-05-02 02:20:04 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-05-02 02:19:43 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-02 02:19:41 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-02 02:18:03 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-05-01 07:49:38 -------- d-----w- c:\program files\MSXML 6.0
2012-05-01 07:28:19 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-05-01 07:28:17 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-05-01 07:24:55 19569 ----a-w- c:\windows\003149_.tmp
2012-05-01 06:24:56 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-01 06:23:34 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-01 06:23:16 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-01 06:21:41 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-05-01 06:21:40 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-05-01 06:21:14 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-05-01 06:21:13 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-05-01 06:21:13 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-05-01 06:21:12 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-05-01 06:21:12 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-05-01 06:21:11 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-05-01 06:21:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-05-01 06:17:13 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-01 06:11:49 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-01 06:04:09 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-01 05:37:08 331384 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdiv.sys
2012-05-01 05:37:07 744568 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symefa.sys
2012-05-01 05:37:07 369784 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdi.sys
2012-05-01 05:37:07 299640 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symnets.sys
2012-05-01 05:37:06 516216 ----a-w- c:\windows\system32\drivers\n360\0502010.003\srtsp.sys
2012-05-01 05:37:06 50168 ----a-w- c:\windows\system32\drivers\n360\0502010.003\srtspx.sys
2012-05-01 05:37:06 340088 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symds.sys
2012-05-01 05:37:06 136312 ----a-r- c:\windows\system32\drivers\n360\0502010.003\ironx86.sys
2012-05-01 05:35:47 -------- d-----w- c:\windows\system32\drivers\n360\0502010.003
2012-05-01 05:32:59 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-05-01 05:09:29 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-05-01 05:09:29 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-05-01 05:09:25 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-05-01 05:09:11 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2012-05-01 05:09:09 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2012-05-01 05:09:09 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2012-05-01 05:09:09 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2012-05-01 05:09:08 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2012-05-01 05:09:07 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2012-05-01 05:09:07 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys
2012-05-01 05:09:07 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2012-05-01 05:09:01 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2012-05-01 05:07:58 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-05-01 05:06:56 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-05-01 05:05:56 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-05-01 05:05:47 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2012-05-01 05:02:41 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-05-01 05:02:41 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-05-01 05:01:53 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2012-05-01 04:07:14 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-05-01 04:07:14 13312 ----a-w- c:\windows\system32\irclass.dll
2012-05-01 04:07:13 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-05-01 04:07:13 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-05-01 04:06:37 13753 ----a-r- c:\windows\SET173.tmp
2012-05-01 04:06:29 1086058 ----a-r- c:\windows\SET167.tmp
2012-05-01 04:06:25 1042903 ----a-r- c:\windows\SET164.tmp
2012-04-30 23:49:31 -------- d-----w- c:\windows\dell
2012-04-28 07:06:58 -------- d-----w- c:\windows\pss
2012-04-26 06:21:11 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2012-04-26 06:21:11 1717832 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2012-04-26 06:21:11 136776 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2012-04-26 06:21:11 104008 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2012-04-26 05:00:27 -------- d-----w- c:\documents and settings\orlandom\application data\TeamViewer
2012-04-26 03:43:07 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-26 03:42:31 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 03:42:30 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-26 03:41:39 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-26 03:40:43 -------- d-----w- c:\windows\system32\drivers\N360
2012-04-26 03:40:36 -------- d-----w- c:\program files\Norton Security Suite
2012-04-26 03:39:58 -------- d-----w- c:\program files\NortonInstaller
2012-04-26 03:39:58 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 15:51:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-15 15:51:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-15 11:14:45 790520 ----a-w- c:\windows\system32\protector.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-09 02:00:41 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-09 02:00:40 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-09 02:00:37 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-09 02:00:37 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 0:05:13.73 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/1/2012 1:09:55 AM
System Uptime: 5/2/2012 4:06:46 PM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 9.77 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 5/1/2012 10:12:52 PM - System Checkpoint
RP2: 5/2/2012 3:00:22 AM - Software Distribution Service 3.0
RP3: 5/2/2012 2:12:38 PM - Software Distribution Service 3.0
RP4: 5/2/2012 3:28:11 PM - Removed DellSupport.
RP5: 5/2/2012 3:34:07 PM - Removed Modem Helper
RP6: 5/2/2012 3:35:03 PM - Removed Modem Event Monitor
RP7: 5/2/2012 3:43:38 PM - Removed Photo Click
RP8: 5/2/2012 3:45:12 PM - Removed Microsoft Encarta Encyclopedia Deluxe 2004
RP9: 5/2/2012 3:46:43 PM - Removed Dell Media Experience
RP10: 5/2/2012 3:48:35 PM - Removed GuardedID.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.5.1
AiO_Scan
AiOSoftware
AOLIcon
AVG 2012
Belkin Setup and Router Monitor
BufferChm
Comcast High-Speed Internet Install Wizard
Constant Guard Protection Suite
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Dell Driver Reset Tool
Dell System Restore
Destinations
DeviceManagementQFolder
Disney Toontown Online
DocProc
eSupportQFolder
Fax
GdiplusUpgrade
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
LogMeIn
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MVision
NewCopy
Norton Security Suite
PC Performer
PowerDVD 5.5
PrimoPDF -- brought to you by Nitro PDF Software
ProductContext
QuickTime
QuizMaster 4
Readme
RealPlayer Basic
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shockwave
Skype web features
Skype™ 4.1
SolutionCenter
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
TestGen
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/2/2012 4:02:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CGPS Service service to connect.
5/2/2012 4:02:49 AM, error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/2/2012 3:43:50 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Thu May 03, 2012 1:17 am    Post subject:

The log you have posted is from a version of Windows that is no longer supported by Microsoft (Windows XP with no Service Packs installed ceased being supported on 3th Sept 2004).

There is absolutely no point at all in trying to clean this machine as it will be re-infected as soon as you connect it to the internet.

My advice to you is to reformat the hard drive and re-install Windows XP, then immediately install the necessary Service Packs to bring it up to SP3. (SP1a, SP2, SP3)

This topic is now closed.
_________________
Gary R Administrator at Malware Removal University


