Total Security-PC won't connect, enter safe mode, etc..


Total Security-PC won't connect, enter safe mode, etc..

Post by Andrea29 on Tue Sep 22, 2009 3:33 am

Hello,

My daughter picked this up two days ago and I cannot get rid of it. My PC (windows XP) won't connect to the Internet or enter any safe mode. I've done some research on this particular spyware/malware today. Tech support at the University didn't do me any good. I've read the messages and responses below and cannot initiate anything I've seen here or on the web. I'm primarily a Mac user and have downloaded several different anti-malware/spyware programs using my Mac and then moved them to a flash drive, but when I plug it in to the PC I'm unable to open and run any of them, even if I change the names completely. It may have infected/fried the flash drive as I cannot delete what I put on it. I use the PC for my school work and I'm at a loss as to what to do next. After several moves I don't have the original OS discs to even reinstall and start over. Anyone have any advice? This dang program seems to be learning exponentially and thwarting any attempts to remove it.

Thanks for any assistance, Andrew

Andrea29
Novice

Posts : 6
Joined : 2009-09-22
OS : windows XP
Points : 26318
Likes : 0


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Dr Jay on Tue Sep 22, 2009 4:23 am

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13713
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302069
Likes : 10


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Andrea29 on Tue Sep 22, 2009 5:11 am

Hello and thank you,

I cannot access the Internet. Even Firefox will not open on this PC because of this. So I cannot download anything on it. I will gladly donate as I truly appreciate this concept. I really need some help though and I cannot seem to access anything on this PC or resolve anything.


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Andrea29 on Tue Sep 22, 2009 5:14 am

I'm communicating via my Mac wirelessly.


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Dr Jay on Tue Sep 22, 2009 7:21 am

Hi

Please transfer the download from another computer to the infected computer, then run as instructed.

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)



Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Andrea29 on Tue Sep 22, 2009 8:27 pm

Hello, and thanks again. Here's the report.

ComboFix 09-09-22.01 - Andrew Evans 09/22/2009 14:08.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.248.104 [GMT -5:00]
Running from: G:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\19074064
c:\documents and settings\All Users\Application Data\19074064\19074064
c:\documents and settings\All Users\Application Data\19074064\19074064.exe
c:\documents and settings\All Users\Application Data\19074064\pc19074064ins
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Starware
c:\documents and settings\All Users\Application Data\Starware\buttons\blocker.cur
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\games.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\gamesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\moviesA.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\PopupBlocker.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\PopupBlockerHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\popupblockerhotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\popupblockerxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
c:\documents and settings\All Users\Application Data\Starware\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\Travel.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
c:\documents and settings\Andrew Evans\Application Data\Starware
c:\documents and settings\Andrew Evans\Application Data\Starware\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Games\GamesOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Games\GamesOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Layouts\PreferencesLayout.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Layouts\ToolbarLayout.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Manager\ManagerOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Manager\ManagerOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Movies\MoviesOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Movies\MoviesOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Reference\ReferenceOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\Toolbar\TBProductsOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Andrew Evans\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Andrew Evans\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Andrew Evans\Local Settings\Temporary Internet Files\temp.dmf
c:\documents and settings\Cassie\Application Data\Starware
c:\documents and settings\Cassie\Application Data\Starware\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Cassie\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Games\GamesOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\Games\GamesOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Layouts\PreferencesLayout.xml
c:\documents and settings\Cassie\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Layouts\ToolbarLayout.xml
c:\documents and settings\Cassie\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Manager\ManagerOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\Manager\ManagerOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Movies\MoviesOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\Movies\MoviesOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Reference\ReferenceOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\Toolbar\TBProductsOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Cassie\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Cassie\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\Cache\16725603
c:\program files\MyWebSearch\bar\Cache\167258C2
c:\program files\MyWebSearch\bar\Cache\1672599C.bin
c:\program files\MyWebSearch\bar\Cache\16725B04.bin
c:\program files\MyWebSearch\bar\Cache\16725C6B.bin
c:\program files\MyWebSearch\bar\Cache\16CB72D1.bin
c:\program files\MyWebSearch\bar\Cache\16CB7419.bin
c:\program files\MyWebSearch\bar\Cache\16CB7503.bin
c:\program files\MyWebSearch\bar\Cache\16CB75BF.bin
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\starware
c:\program files\starware\brand.bmp
c:\program files\starware\StarwareConfig.xml
c:\recycler\S-1-5-21-1261621285-1477548022-989852559-1003
c:\recycler\S-1-5-21-1858719370-1284730920-280229-1003
c:\recycler\S-1-5-21-2986254692-134980955-3750287534-1003
c:\recycler\S-1-5-21-3417005650-856340596-363916989-1003
c:\recycler\S-1-5-21-3498395064-537742545-781627400-1003
c:\recycler\S-1-5-21-3577241496-1767733669-2870220648-1003
c:\recycler\S-1-5-21-4050325229-2832786107-4058634474-1003
c:\recycler\S-1-5-21-4259355650-1875050185-699564103-1003
c:\windows\MailSwitch.ocx
c:\windows\patch.exe
c:\windows\system32\kiligefu.dll
c:\windows\system32\lenidure.exe
c:\windows\system32\logon.exe
c:\windows\system32\nasipato.dll
c:\windows\system32\nijegano.dll
c:\windows\system32\rijukavi.dll
c:\windows\system32\sonudodu.dll
c:\windows\system32\tibipaku.dll
c:\windows\system32\titeyuma.dll
c:\windows\system32\yofiheja.dll
c:\windows\system32\zogapero.dll
D:\AUTORUN.INF
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
Infected copy of c:\windows\system32\drivers\aec.sys was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-21 23:06 . 2009-09-21 23:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-21 20:02 . 2009-09-21 20:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 19:05 . 2009-09-22 19:05 0 ---ha-w- c:\windows\system32\BIT2E.tmp
2009-09-22 19:02 . 2003-08-14 02:59 0 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-09-22 19:02 . 2003-08-14 02:59 5760 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2009-09-22 01:04 . 2009-06-22 01:03 50176 --sha-w- c:\windows\system32\dobonede.dll
2009-09-22 00:24 . 2002-08-29 01:33 5760 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-09-21 23:52 . 2002-01-05 09:26 8224 -c--a-w- c:\documents and settings\Andrew Evans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 20:11 . 2003-08-14 02:58 5760 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2009-09-11 21:32 . 2009-05-07 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-22 01:04 . 2009-06-22 01:04 50176 --sha-w- c:\windows\system32\firedobo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6353cd9-46ea-4bfc-bb89-9ab09a78dc3b}]
2009-06-22 01:04 50176 --sha-w- c:\windows\system32\firedobo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"HostManager"="c:\program files\Common Files\AOL\1245981695\ee\AOLSoftware.exe" [2007-05-25 42032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-16 323584]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]

c:\documents and settings\Andrew Evans\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueAssistant\TrueAssistant.exe [2004-8-30 333312]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1245981695\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2008 2:10 AM 24652]
S2 mrtRate;mrtRate; [x]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [1/5/2002 12:02 AM 116078]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [4/12/2007 5:50 PM 507264]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-22 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 4100 series5E771253C1676EBED677BF361FDFC537825E15B8009877660.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2002-01-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - d:\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Andrew Evans\Application Data\Mozilla\Firefox\Profiles\5t9dkkco.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Andrew Evans\Application Data\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PRISMSVR.EXE - c:\windows\System32\PRISMSVR.EXE
HKLM-Run-19074064 - c:\documents and settings\All Users\Application Data\19074064\19074064.exe
HKLM-Run-hujahokap - c:\windows\system32\yofiheja.dll
HKLM-Run-wemobinewe - tibipaku.dll
SharedTaskScheduler-{c8b7467c-6ef2-4726-aaef-3020f7ddddf6} - c:\windows\system32\yofiheja.dll
SSODL-fodavebon-{c8b7467c-6ef2-4726-aaef-3020f7ddddf6} - c:\windows\system32\yofiheja.dll
AddRemove-EarthLink Setup - c:\program files\Online Services\EarthLink Setup\unwise.exe
AddRemove-SBC Yahoo! Applications - c:\program files\SBC Yahoo!\UninstallManager.exe
AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-22 14:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2336)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe
.
**************************************************************************
.
Completion time: 2009-09-22 14:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 19:29

Pre-Run: 467,529,728 bytes free
Post-Run: 1,072,672,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

360 --- E O F --- 2009-04-29 08:10


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Andrea29 on Tue Sep 22, 2009 8:58 pm

I went ahead and ran superantispyware and found and removed 682 items.


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Andrea29 on Wed Sep 23, 2009 1:37 am

I ran MBAM and found 8 more to delete. Is there anything else I should do? Everything seems to be running fine now.....


Re: Total Security-PC won't connect, enter safe mode, etc..

Post by Dr Jay on Wed Sep 23, 2009 2:36 am

Hi

Please do not make further changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc, unless advised by a Tech Staff member, moderator, or administrator, nor should you continue to ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the log you already posted.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\BIT2E.tmp
    c:\windows\system32\dobonede.dll
    c:\windows\system32\firedobo.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6353cd9-46ea-4bfc-bb89-9ab09a78dc3b}]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

In your next reply, please include the ComboFix and the Malwarebytes logs. Also, please tell me how the computer is running, or if you ran in to any problems or error messages.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

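As an added example (not part of this thread, and not ComboFix's own code), the following Python script parses autostart lines in the ComboFix log format shown earlier in the thread, flags the patterns a helper looks for in such a log (a DLL given as a bare filename, random-looking 8-letter DLL names, one DLL registered under several load points, numeric-named executables under Application Data) and drafts the File:: block of a CFScript in the layout used in the instructions above. The sample lines are constructed from the thread's log, and the heuristics are the author's assumptions, not rules from ComboFix or the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the line format ComboFix uses for autostart entries,
# modelled on the log shape shown in this thread (not read from a live machine).
SAMPLE_LOG = r"""
HKLM-Run-19074064 - c:\documents and settings\All Users\Application Data\19074064\19074064.exe
HKLM-Run-hujahokap - c:\windows\system32\yofiheja.dll
HKLM-Run-wemobinewe - tibipaku.dll
SharedTaskScheduler-{c8b7467c-6ef2-4726-aaef-3020f7ddddf6} - c:\windows\system32\yofiheja.dll
SSODL-fodavebon-{c8b7467c-6ef2-4726-aaef-3020f7ddddf6} - c:\windows\system32\yofiheja.dll
AddRemove-EarthLink Setup - c:\program files\Online Services\EarthLink Setup\unwise.exe
"""

KINDS = ("HKLM-Run", "HKCU-Run", "SharedTaskScheduler", "SSODL", "AddRemove")
LOAD_POINTS = KINDS[:4]  # AddRemove is an uninstall entry, not a load point
ENTRY_RE = re.compile(r"^(?P<kind>%s)-(?P<name>.+?) - (?P<target>.+)$"
                      % "|".join(map(re.escape, KINDS)))
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$", re.I)  # heuristic (assumption): 8-letter DLL name
NUMERIC_APPDATA_RE = re.compile(r"\\application data\\\d+\\\d+\.exe$", re.I)

def triage(log_text):
    """Return {target: [reasons]} for load-point targets that deserve a closer look."""
    points = defaultdict(set)  # target -> set of load-point kinds it is registered under
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group("kind") in LOAD_POINTS:
            points[m.group("target")].add(m.group("kind"))
    findings = {}
    for target, kinds in points.items():
        reasons = []
        if "\\" not in target:  # no directory given: located via the DLL search order
            reasons.append("bare filename, resolved through the DLL search order")
        if RANDOM_DLL_RE.match(target.rsplit("\\", 1)[-1]):
            reasons.append("random-looking 8-letter DLL name")
        if len(kinds) > 1:  # one DLL hooked into several load points, as in the thread's log
            reasons.append("same file registered at %d load points: %s"
                           % (len(kinds), ", ".join(sorted(kinds))))
        if NUMERIC_APPDATA_RE.search(target):
            reasons.append("numeric folder and exe name under Application Data")
        if reasons:
            findings[target] = reasons
    return findings

def draft_cfscript(findings):
    """Draft the File:: block of a CFScript (format as in this thread) from flagged full paths."""
    full_paths = sorted(t for t in findings if "\\" in t)  # bare names cannot be listed by path
    return "File::\n" + "\n".join(full_paths) + "\n"
```

The drafted File:: block is a starting point for a helper to review against the full log, not something to run unreviewed.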
