[Resolved] Infected with AntiVirus XP 2010 rogue program


This topic is locked
34 replies to this topic

#1 lucella31
Authentic Member, 55 posts

Posted 11 February 2010 - 08:31 PM

Hello,

My mother's PC got infected with the fake AV program called AntiVirus XP 2010 2 days ago while surfing the net / checking her email. Multiple popups appeared and a fake 4-color Windows shield appeared in the system tray.

I have already run several programs per LDTate's post to try to remove it.
See http://forums.whatthetech.com/you_Infected_t106388.html

I have run Defogger, ATF Cleaner, ERUNT, MBAM, GMER (no log was produced though) and DDS...all in SAFE MODE because it was the only way I could do it.
I have logs for HiJackThis, MBAM, and DDS if needed.

I thought what I did would help clear up the matter as most of these are familiar to me when I received help with my laptop. Hopefully I have not messed things up by running these programs. I did not run ComboFix as I understand it can be damaging.

Please help me with instructions of what to do now. When not in SAFE MODE, no desktop icon will launch, so whatever is lurking in the system affects the .exe files.

Thanks in advance.

lucella31



#2 oldman960
Forum God, Retired Classroom Teacher, 14,770 posts

Posted 14 February 2010 - 01:54 AM

Hi lucella31 , welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

I have logs for HiJackThis, MBAM, and DDS if needed.

Please post them.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 lucella31
Authentic Member, 55 posts

Posted 14 February 2010 - 07:46 AM

Hello oldman960,

Thank you for replying to my problem. :) The PC has not been touched since these logs (HJT, MBAM, DDS) were created on Feb. 11th so the data is still valid.
A note about MBAM: I ran this before which did find infections and I removed them. The log I'm posting now is the most current but offers no infection information.

Here are the logs you requested:

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:15 PM, on 2/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080318
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080318
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar BHO - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210395665609
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6447 bytes


MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3723
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

2/11/2010 5:23:33 PM
mbam-log-2010-02-11 (17-23-33).txt

Scan type: Quick Scan
Objects scanned: 130179
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS log


DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by Amber at 17:31:39.62 on Thu 02/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.748 [GMT -8:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Amber\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080318
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210395665609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-6-4 78104]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

=============== Created Last 30 ================

2010-02-09 16:27 <DIR> --d----- c:\docume~1\amber\applic~1\Malwarebytes
2010-02-09 16:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-09 16:27 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-02-09 16:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 08:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSNDynFiles
2010-01-13 05:28 471,552 -------- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-31 08:50 353,792 a------- c:\windows\system32\drivers\srv.sys
2009-12-31 08:50 353,792 -------- c:\windows\system32\dllcache\srv.sys
2009-12-31 07:33 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 07:33 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 05:05 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 05:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 10:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-16 10:43 343,040 -------- c:\windows\system32\dllcache\mspaint.exe
2009-12-13 23:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-13 23:08 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 01:23 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 10:22 455,424 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 09:11 1,291,776 a------- c:\windows\system32\quartz.dll
2009-11-27 09:11 17,920 a------- c:\windows\system32\msyuv.dll
2009-11-27 09:11 1,291,776 -------- c:\windows\system32\dllcache\quartz.dll
2009-11-27 09:11 17,920 -------- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 08:07 28,672 a------- c:\windows\system32\msvidc32.dll
2009-11-27 08:07 8,704 a------- c:\windows\system32\tsbyuv.dll
2009-11-27 08:07 28,672 -------- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 08:07 8,704 -------- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 08:07 84,992 a------- c:\windows\system32\avifil32.dll
2009-11-27 08:07 48,128 a------- c:\windows\system32\iyuv_32.dll
2009-11-27 08:07 11,264 a------- c:\windows\system32\msrle32.dll
2009-11-27 08:07 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 08:07 48,128 -------- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 08:07 11,264 -------- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 07:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2008-08-18 19:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 17:31:54.06 ===============


Hope these help! Thanks!

#4 oldman960
Forum God, Retired Classroom Teacher, 14,770 posts

Posted 14 February 2010 - 12:05 PM

Hi lucella31,

Instead of booting to Safe Mode, is it possible to boot to Safe Mode with Networking? If you can and are able to connect to the internet, please download the program listed below and save it to your desktop. Please do not do any other browsing while in Safe Mode with Networking, as none of your security programs will be active.

Once saved, reboot to normal Windows and try to run it from there.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)


Try running DDS again. If it still won't run, rename it to DDS.com

Please post the exehelper.com log and both DDS logs.


Open MBAM, click on the Logs tab and click on the scan log created prior to the one you posted. Click Open. The log will open in Notepad; please post its contents also.



Thanks

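
The settings exeHelper resets in the post above (the .exe and .com file associations, the Winlogon Userinit and Shell values, and the restrictive policies) can also be audited read-only before any fix is run, so a helper can see what a rogue changed rather than blindly resetting it. The PowerShell script below is an added example, not code from the thread or from exeHelper; it assumes Windows XP default values and reports only deviations from them.

```powershell
# Added example (not from the thread or from exeHelper): read-only audit of the
# launch-path settings a rogue AV hijacks so that no .exe will start.
# Expected values are the Windows XP defaults; nothing is written.
$ErrorActionPreference = 'SilentlyContinue'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is missing, instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name
    if ($item -eq $null) { return $null }
    return $item.$Name
}

# Each check: description, registry path, value name, expected default.
# '(default)' is how PowerShell exposes a key's unnamed default value.
$checks = @(
    @{ What = '.exe ProgID';       Path = 'Registry::HKEY_CLASSES_ROOT\.exe';
       Name = '(default)';         Expect = 'exefile' },
    @{ What = '.exe open command'; Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command';
       Name = '(default)';         Expect = '"%1" %*' },
    @{ What = '.com open command'; Path = 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command';
       Name = '(default)';         Expect = '"%1" %*' },
    @{ What = 'Winlogon Userinit'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'Userinit';          Expect = "$env:SystemRoot\system32\userinit.exe," },
    @{ What = 'Winlogon Shell';    Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'Shell';             Expect = 'Explorer.exe' }
)

$findings = @()
foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    if ($actual -eq $null) {
        $findings += "MISSING  $($c.What): $($c.Path)\$($c.Name)"
    } elseif ($actual -ne $c.Expect) {
        # -ne is case-insensitive, so C:\WINDOWS vs c:\windows is not a finding.
        $findings += "CHANGED  $($c.What): got '$actual', expected '$($c.Expect)'"
    }
}

# Per-user class keys override HKEY_CLASSES_ROOT for that user, so an .exe
# handler planted under HKCU hijacks every launch even when HKLM looks clean.
# On a default XP install these keys do not exist at all.
foreach ($k in '.exe', 'exefile', 'comfile') {
    if (Test-Path "HKCU:\Software\Classes\$k") {
        $findings += "OVERRIDE per-user class HKCU:\Software\Classes\$k exists"
    }
}

# Policies that lock the user out of Task Manager and regedit; exeHelper's
# "Resetting policies" step covers this area.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
    if ((Get-RegValue $pol $v) -eq 1) { $findings += "POLICY   $v = 1" }
}

if ($findings.Count -eq 0) {
    Write-Output 'Launch-path settings match XP defaults; nothing hijacked here.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it from Safe Mode with Networking as in the post above; a CHANGED or OVERRIDE line pointing at an unfamiliar path is the entry that stops programs launching, and is what the exeHelper run is expected to reset.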

#5 lucella31
Authentic Member, 55 posts

Posted 14 February 2010 - 12:35 PM

Hello oldman960, I was able to boot into Safe Mode with Networking before, so hopefully there still won't be a problem to do it this time. I'm off to go do the tasks you've requested and will return with the info you need. Thanks. lucella31

#6 lucella31
Authentic Member, 55 posts

Posted 14 February 2010 - 12:51 PM

OK, here are the logs:

exehelper log

exeHelper by Raktor
Build 20091220
Run at 10:44:05 on 02/14/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

The 2 logs from DDS


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Amber at 10:46:56.51 on Sun 02/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.687 [GMT -8:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Amber\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080318
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210395665609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\amber\applic~1\mozilla\firefox\profiles\8j2hwweq.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]
S2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-6-4 78104]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]

=============== Created Last 30 ================

2010-02-14 10:42 <DIR> --d-h--- c:\windows\PIF
2010-02-09 16:27 <DIR> --d----- c:\docume~1\amber\applic~1\Malwarebytes
2010-02-09 16:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-09 16:27 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-02-09 16:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 08:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSNDynFiles

==================== Find3M ====================

2009-12-31 08:50 353,792 a------- c:\windows\system32\drivers\srv.sys
2009-12-31 08:50 353,792 -------- c:\windows\system32\dllcache\srv.sys
2009-12-31 07:33 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 07:33 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 05:05 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 05:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 10:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-16 10:43 343,040 -------- c:\windows\system32\dllcache\mspaint.exe
2009-12-13 23:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-13 23:08 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 01:23 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 10:22 455,424 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 09:11 1,291,776 a------- c:\windows\system32\quartz.dll
2009-11-27 09:11 17,920 a------- c:\windows\system32\msyuv.dll
2009-11-27 09:11 1,291,776 -------- c:\windows\system32\dllcache\quartz.dll
2009-11-27 09:11 17,920 -------- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 08:07 28,672 a------- c:\windows\system32\msvidc32.dll
2009-11-27 08:07 8,704 a------- c:\windows\system32\tsbyuv.dll
2009-11-27 08:07 28,672 -------- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 08:07 8,704 -------- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 08:07 84,992 a------- c:\windows\system32\avifil32.dll
2009-11-27 08:07 48,128 a------- c:\windows\system32\iyuv_32.dll
2009-11-27 08:07 11,264 a------- c:\windows\system32\msrle32.dll
2009-11-27 08:07 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 08:07 48,128 -------- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 08:07 11,264 -------- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 07:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-21 07:51 471,552 -------- c:\windows\system32\dllcache\aclayers.dll
2008-08-18 19:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 10:47:08.46 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/22/2008 9:36:48 AM
System Uptime: 2/14/2010 10:37:52 AM (0 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 295 GiB total, 274.957 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP307: 11/11/2009 5:38:54 AM - System Checkpoint
RP308: 11/12/2009 4:09:02 AM - Software Distribution Service 3.0
RP309: 11/13/2009 1:59:51 PM - System Checkpoint
RP310: 11/16/2009 5:40:30 AM - System Checkpoint
RP311: 11/17/2009 1:54:05 PM - System Checkpoint
RP312: 11/21/2009 10:03:16 AM - System Checkpoint
RP313: 11/22/2009 11:16:57 AM - System Checkpoint
RP314: 11/24/2009 7:56:55 AM - System Checkpoint
RP315: 11/24/2009 7:51:21 AM - System Checkpoint
RP316: 11/25/2009 8:32:40 AM - System Checkpoint
RP317: 11/25/2009 7:36:01 PM - Software Distribution Service 3.0
RP318: 11/27/2009 6:04:18 AM - System Checkpoint
RP319: 11/28/2009 7:45:33 AM - System Checkpoint
RP320: 11/29/2009 9:08:03 AM - System Checkpoint
RP321: 11/30/2009 9:59:45 AM - System Checkpoint
RP322: 12/1/2009 7:50:55 PM - Software Distribution Service 3.0
RP323: 12/3/2009 4:41:40 AM - System Checkpoint
RP324: 12/4/2009 6:59:45 AM - System Checkpoint
RP325: 12/5/2009 8:06:05 AM - System Checkpoint
RP326: 12/7/2009 5:19:11 AM - System Checkpoint
RP327: 12/8/2009 5:38:05 AM - System Checkpoint
RP328: 12/9/2009 7:09:37 AM - Software Distribution Service 3.0
RP329: 12/10/2009 8:59:15 AM - System Checkpoint
RP330: 12/11/2009 9:11:34 AM - System Checkpoint
RP331: 12/12/2009 9:33:58 AM - System Checkpoint
RP332: 12/13/2009 11:30:55 AM - System Checkpoint
RP333: 12/14/2009 11:46:08 AM - System Checkpoint
RP334: 12/15/2009 4:46:01 PM - System Checkpoint
RP335: 12/16/2009 4:56:39 PM - System Checkpoint
RP336: 12/17/2009 6:04:16 PM - System Checkpoint
RP337: 12/19/2009 7:10:17 AM - System Checkpoint
RP338: 12/19/2009 8:20:05 PM - Software Distribution Service 3.0
RP339: 12/22/2009 6:01:24 AM - System Checkpoint
RP340: 12/23/2009 8:00:27 AM - System Checkpoint
RP341: 12/24/2009 8:05:56 AM - System Checkpoint
RP342: 12/25/2009 10:01:46 AM - System Checkpoint
RP343: 12/26/2009 10:24:54 AM - System Checkpoint
RP344: 12/29/2009 5:07:11 PM - System Checkpoint
RP345: 12/30/2009 5:46:06 PM - System Checkpoint
RP346: 1/1/2010 6:37:17 AM - System Checkpoint
RP347: 1/2/2010 8:37:09 AM - System Checkpoint
RP348: 1/4/2010 5:16:11 AM - System Checkpoint
RP349: 1/5/2010 5:34:42 AM - System Checkpoint
RP350: 1/6/2010 6:00:50 AM - System Checkpoint
RP351: 1/8/2010 4:13:48 AM - System Checkpoint
RP352: 1/9/2010 1:19:20 PM - System Checkpoint
RP353: 1/11/2010 5:36:08 AM - System Checkpoint
RP354: 1/12/2010 6:19:38 AM - System Checkpoint
RP355: 1/13/2010 6:47:36 PM - Software Distribution Service 3.0
RP356: 1/16/2010 5:37:08 AM - System Checkpoint
RP357: 1/17/2010 6:00:59 AM - System Checkpoint
RP358: 1/18/2010 6:02:13 AM - System Checkpoint
RP359: 1/19/2010 8:42:41 AM - System Checkpoint
RP360: 1/20/2010 1:51:42 PM - System Checkpoint
RP361: 1/21/2010 2:29:37 PM - System Checkpoint
RP362: 1/22/2010 4:07:42 PM - System Checkpoint
RP363: 1/22/2010 7:30:11 PM - Software Distribution Service 3.0
RP364: 1/24/2010 6:10:30 AM - System Checkpoint
RP365: 1/26/2010 5:19:31 AM - System Checkpoint
RP366: 1/27/2010 5:21:07 AM - System Checkpoint
RP367: 1/28/2010 5:27:15 AM - System Checkpoint
RP368: 1/29/2010 5:36:03 AM - System Checkpoint
RP369: 1/30/2010 5:02:43 PM - System Checkpoint
RP370: 2/1/2010 5:00:53 AM - System Checkpoint
RP371: 2/2/2010 5:49:01 AM - System Checkpoint
RP372: 2/3/2010 8:44:43 AM - System Checkpoint
RP373: 2/5/2010 6:01:19 AM - System Checkpoint
RP374: 2/6/2010 6:59:44 AM - System Checkpoint
RP375: 2/7/2010 8:31:48 AM - System Checkpoint
RP376: 2/8/2010 9:29:15 AM - System Checkpoint
RP377: 2/10/2010 9:19:37 PM - Software Distribution Service 3.0
RP378: 2/11/2010 5:38:07 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
Alchemy Deluxe 1.51p
ALOT Toolbar
Aveyond Lord of Twilight (remove only)
Bejeweled Twist 1.0
Browser Address Error Redirector
Canon i470D
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Automated PC TuneUp
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center
Dell System Restore
Digital Line Detect
DIGOpt
DIGReqEx
DinerTown Tycoon (remove only)
DING!
Documentation & Support Launcher
Dynomite Deluxe 2.71
Enchanted Fairy Friends Secret of the Fairy Queen (remove only)
ERUNT 1.1j
Faerie Solitaire (remove only)
Games, Music, & Photos Launcher
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
InstallMgr
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Internet Service Offers Launcher
iWin Games (remove only)
iWin Toolbar
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 13
Java™ 6 Update 7
Lost in Reefs (remove only)
Malwarebytes' Anti-Malware
Masque Slots featuring WMS Gaming II
Memory Card Utility
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Mortimer Beckett And The Secrets Of Spooky Manor
Mozilla Firefox (3.5.7)
MSN
MSN Messenger 6.1
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Mystery P.I. - Lost in Los Angeles
Mystery PI The Vegas Heist 1.00
NetWaiting
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
PowerDVD
Presto! PageManager 7.15.16
QualxServ Service Agreement
RealArcade
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft OmniPage SE 4
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sonic Activation Module
Stellarium 0.10.1
Trend Micro PC-cillin Internet Security 14
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/9/2010 5:56:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi
2/9/2010 4:25:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
2/9/2010 4:25:56 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2010 4:25:56 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2010 4:25:56 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2010 4:25:56 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2010 4:25:56 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2010 4:25:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/9/2010 4:25:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/9/2010 4:24:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/10/2010 9:15:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
2/10/2010 9:15:31 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

==== End Of File ===========================

#7 lucella31

  • Authentic Member
  • 55 posts

Posted 14 February 2010 - 01:01 PM

Oops. Sorry. I forgot the MBAM log. :smack: Um, apparently I ran the log successfully more than I thought so I am posting 3 MBAM logs to show all the infections that were found. That way it will give you more insight. One is from Feb 9th. Two are from Feb 10th. After that, all MBAM scans have been clean.

*************************************************************

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

2/9/2010 5:42:34 PM
mbam-log-2010-02-09 (17-42-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 269691
Time elapsed: 1 hour(s), 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**********************************************************

Malwarebytes' Anti-Malware 1.44
Database version: 3723
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

2/10/2010 7:46:38 PM
mbam-log-2010-02-10 (19-46-38).txt

Scan type: Quick Scan
Objects scanned: 178378
Time elapsed: 17 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Cookie\Local Settings\Application Data\av.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cookie\Local Settings\Temporary Internet Files\Content.IE5\8DFUVLHC\msieinst[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

***********************************************************************

Malwarebytes' Anti-Malware 1.44
Database version: 3723
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

2/10/2010 9:14:18 PM
mbam-log-2010-02-10 (21-14-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 277511
Time elapsed: 33 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP376\A0163699.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

#8 lucella31

  • Authentic Member
  • 55 posts

Posted 14 February 2010 - 01:32 PM

Try running DDS again. If it still won't run, rename it to DDS.com


I reread your reply.
Was the previous DDS log insufficient?
I just ran the exehelper, DDS, and MBAM programs from Safe Mode with Networking.
Did you want me to try to run all of them in normal start mode? Or just DDS?
All the programs I've saved to the desktop in SAFE MODE do not show up when I rebooted into normal startup mode.
I did try to access a random .exe file (Firefox) from the desktop and I still get a popup window asking which program I want to use to open it.

#9 oldman960

  • Forum God
  • Retired Classroom Teacher
  • 14,770 posts

Posted 14 February 2010 - 02:19 PM

Hi lucella31,

There seems to be a process running in normal windows that is causing the problem. This process is not running in safe mode so it won't show in the logs.

When you booted into safe mode did you boot into your usual account?

Do you have a CD or flash drive you can copy DDS and exehelper to so you can transfer them to the desktop in normal windows?

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
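The pattern the thread has reached by this point (post #7's MBAM log showing Security Center notifications switched off and an av.exe dropped in one profile, post #8's .exe files that only fail to open from the desktop, and the diagnosis above that the responsible process runs in normal Windows but not in safe mode) points at per-user registry state: HKCU\Software\Classes can override the .exe file association for a single account, HKCU Winlogon values apply to one account only, and the Run keys are skipped in safe mode. The read-only audit below is an added example written for this thread; it is not exeHelper's, DDS's or the forum's own code. It assumes the stock Windows XP defaults named in its comments (the "%1" %* open command, userinit.exe and Explorer.exe) and it only reports what it finds, changing nothing, so it can be run in the affected account and compared against a run in a healthy one.

```powershell
# Added example (not exeHelper's, DDS's or the forum's code): read-only audit of
# the per-user registry locations that decide whether .exe files launch and what
# starts with the account. Stock defaults below are assumed Windows XP values.

function Get-RegDefault([string]$Path) {
    # (Default) value of a registry key, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeLaunchHijack {
    $findings = @()

    # 1. Per-user override of the .exe extension. HKCU\Software\Classes is layered
    #    over HKLM\Software\Classes, so a ProgID placed here wins for this account
    #    only; other accounts keep the machine-wide mapping (stock ProgID: exefile).
    $userProgId = Get-RegDefault 'HKCU:\Software\Classes\.exe'
    if ($null -ne $userProgId) {
        $findings += "HKCU\Software\Classes\.exe maps .exe to ProgID '$userProgId' for this account only"
        $cmd = Get-RegDefault "HKCU:\Software\Classes\$userProgId\shell\open\command"
        if ($cmd) { $findings += "  its open command is: $cmd" }
    }

    # 2. The exefile open command itself, per user and machine-wide.
    #    Stock value (assumed default): "%1" %*
    foreach ($hive in 'HKCU', 'HKLM') {
        $cmd = Get-RegDefault "${hive}:\Software\Classes\exefile\shell\open\command"
        if ($null -ne $cmd -and $cmd -ne '"%1" %*') {
            $findings += "$hive exefile open command is '$cmd' instead of the stock `"%1`" %*"
        }
    }

    # 3. Winlogon Userinit/Shell. Stock values (assumed defaults):
    #    Userinit = <SystemRoot>\system32\userinit.exe,   Shell = Explorer.exe
    #    The same value names under HKCU apply to one account only.
    $wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.Userinit -ne "$env:SystemRoot\system32\userinit.exe,") {
        $findings += "HKLM Winlogon Userinit is '$($wl.Userinit)'"
    }
    if ($wl.Shell -ne 'Explorer.exe') {
        $findings += "HKLM Winlogon Shell is '$($wl.Shell)'"
    }
    $wlUser = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if (Test-Path -LiteralPath $wlUser) {
        $u = Get-ItemProperty -LiteralPath $wlUser
        foreach ($name in 'Shell', 'Userinit') {
            if ($null -ne $u.$name) {
                $findings += "HKCU Winlogon $name is set to '$($u.$name)' (per-user override)"
            }
        }
    }

    # 4. Per-user autostart entries. Safe mode does not process the Run keys, which
    #    is why a process seen only in normal Windows can be absent from a safe-mode log.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path -LiteralPath $runKey) {
        foreach ($p in (Get-ItemProperty -LiteralPath $runKey).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
            $findings += "HKCU Run entry '$($p.Name)' = $($p.Value) (review)"
        }
    }

    # 5. Security Center notification switches (the MBAM log flagged these at 1,
    #    which suppresses the missing-AV/firewall/updates warnings).
    $sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    if (Test-Path -LiteralPath $sc) {
        $scv = Get-ItemProperty -LiteralPath $sc
        foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
            if ($scv.$name -eq 1) { $findings += "Security Center $name = 1 (warnings suppressed)" }
        }
    }

    return ,$findings
}

$result = Test-ExeLaunchHijack
if ($result.Count -eq 0) { 'No per-user .exe association, Winlogon or Security Center overrides found.' }
else { $result }
```

Run it once in the account that cannot open programs and once in the account that can; the lines that appear only in the first run are the per-user state worth reviewing. Nothing here needs to run in safe mode, and because the script only reads, it can be run before and after a cleanup tool to confirm what that tool actually reset.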

#10 lucella31

  • Authentic Member
  • 55 posts

Posted 14 February 2010 - 02:27 PM

When I booted into SAFE MODE, no, I did not use the usual account (my Mother's account), I used my account. But I'm hardly on her computer. I usually use her account to log in. When I booted up normally, I did use her account. That's probably causing the confusion. I didn't realize that different users would make a difference. Oops. I do have a flash drive that I have been using to download most of the programs so I will try to use it to open them on the PC and see what happens. Wish me luck...



#11 oldman960

  • Forum God
  • Retired Classroom Teacher
  • 14,770 posts

Posted 14 February 2010 - 02:31 PM

Hi

Ok. The programs should be visible in normal windows if you log into the same account you used in safe mode.


#12 lucella31

  • Authentic Member
  • 55 posts

Posted 14 February 2010 - 02:52 PM

Hello oldman960,

Ah, I see a whole new problem now. :o Under my mother's account, I cannot launch any .exe program from the desktop. However, when I switched users and was in my account, I CAN launch .exe programs. I was able to launch Firefox and OpenOffice. I switched back to my mother's account once more and I was unable to launch them. Is it possible that there could be an infection only in her user account and not mine? I thought it would affect all accounts.

Here are the logs for exehelper and DDS:

exeHelper by Raktor
Build 20091220
Run at 12:35:22 on 02/14/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

***************************************************************************************

DDS (Ver_09-06-26.01) - NTFSx86
Run by Amber at 12:41:07.17 on Sun 02/14/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.633 [GMT -8:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Amber\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080318
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi0.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210395665609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
hxxp://zone.msn.com/bingame/popcaploader_v10.cab Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\amber\applic~1\mozilla\firefox\profiles\8j2hwweq.default\ FF - component: c:\documents and settings\amber\application data\mozilla\firefox\profiles\8j2hwweq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla 
firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); 
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376] R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-6-4 78104] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368] R3 tmcfw;Trend 
Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392] S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696] S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216] S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872] =============== Created Last 30 ================ 2010-02-14 10:42 <DIR> --d-h--- c:\windows\PIF 2010-02-09 16:27 <DIR> --d----- c:\docume~1\amber\applic~1\Malwarebytes 2010-02-09 16:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-09 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-02-09 16:27 19,160 a------- c:\windows\system32\drivers\mbam.sys 2010-02-09 16:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2010-02-06 08:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSNDynFiles ==================== Find3M ==================== 2009-12-31 08:50 353,792 a------- c:\windows\system32\drivers\srv.sys 2009-12-31 08:50 353,792 -------- c:\windows\system32\dllcache\srv.sys 2009-12-31 07:33 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 07:33 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-12-18 05:05 634,648 -------- c:\windows\system32\dllcache\iexplore.exe 2009-12-18 05:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-12-16 10:43 343,040 a------- c:\windows\system32\mspaint.exe 2009-12-16 10:43 343,040 -------- c:\windows\system32\dllcache\mspaint.exe 2009-12-13 23:08 33,280 a------- c:\windows\system32\csrsrv.dll 2009-12-13 23:08 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll 2009-12-08 01:23 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll 2009-12-04 10:22 455,424 -------- c:\windows\system32\dllcache\mrxsmb.sys 2009-11-27 09:11 1,291,776 a------- c:\windows\system32\quartz.dll 2009-11-27 09:11 17,920 a------- c:\windows\system32\msyuv.dll 2009-11-27 09:11 
1,291,776 -------- c:\windows\system32\dllcache\quartz.dll 2009-11-27 09:11 17,920 -------- c:\windows\system32\dllcache\msyuv.dll 2009-11-27 08:07 28,672 a------- c:\windows\system32\msvidc32.dll 2009-11-27 08:07 8,704 a------- c:\windows\system32\tsbyuv.dll 2009-11-27 08:07 28,672 -------- c:\windows\system32\dllcache\msvidc32.dll 2009-11-27 08:07 8,704 -------- c:\windows\system32\dllcache\tsbyuv.dll 2009-11-27 08:07 84,992 a------- c:\windows\system32\avifil32.dll 2009-11-27 08:07 48,128 a------- c:\windows\system32\iyuv_32.dll 2009-11-27 08:07 11,264 a------- c:\windows\system32\msrle32.dll 2009-11-27 08:07 84,992 -------- c:\windows\system32\dllcache\avifil32.dll 2009-11-27 08:07 48,128 -------- c:\windows\system32\dllcache\iyuv_32.dll 2009-11-27 08:07 11,264 -------- c:\windows\system32\dllcache\msrle32.dll 2009-11-21 07:51 471,552 a------- c:\windows\apppatch\aclayers.dll 2009-11-21 07:51 471,552 -------- c:\windows\system32\dllcache\aclayers.dll 2008-08-18 19:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat ============= FINISH: 12:41:24.64 =============== ******************************************************************************** *********************** UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 3/22/2008 9:36:48 AM System Uptime: 2/14/2010 12:28:25 PM (0 hours ago) Motherboard: Dell Inc. | | 0RY007 Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 295 GiB total, 273.867 GiB free. 
D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP307: 11/11/2009 5:38:54 AM - System Checkpoint RP308: 11/12/2009 4:09:02 AM - Software Distribution Service 3.0 RP309: 11/13/2009 1:59:51 PM - System Checkpoint RP310: 11/16/2009 5:40:30 AM - System Checkpoint RP311: 11/17/2009 1:54:05 PM - System Checkpoint RP312: 11/21/2009 10:03:16 AM - System Checkpoint RP313: 11/22/2009 11:16:57 AM - System Checkpoint RP314: 11/24/2009 7:56:55 AM - System Checkpoint RP315: 11/24/2009 7:51:21 AM - System Checkpoint RP316: 11/25/2009 8:32:40 AM - System Checkpoint RP317: 11/25/2009 7:36:01 PM - Software Distribution Service 3.0 RP318: 11/27/2009 6:04:18 AM - System Checkpoint RP319: 11/28/2009 7:45:33 AM - System Checkpoint RP320: 11/29/2009 9:08:03 AM - System Checkpoint RP321: 11/30/2009 9:59:45 AM - System Checkpoint RP322: 12/1/2009 7:50:55 PM - Software Distribution Service 3.0 RP323: 12/3/2009 4:41:40 AM - System Checkpoint RP324: 12/4/2009 6:59:45 AM - System Checkpoint RP325: 12/5/2009 8:06:05 AM - System Checkpoint RP326: 12/7/2009 5:19:11 AM - System Checkpoint RP327: 12/8/2009 5:38:05 AM - System Checkpoint RP328: 12/9/2009 7:09:37 AM - Software Distribution Service 3.0 RP329: 12/10/2009 8:59:15 AM - System Checkpoint RP330: 12/11/2009 9:11:34 AM - System Checkpoint RP331: 12/12/2009 9:33:58 AM - System Checkpoint RP332: 12/13/2009 11:30:55 AM - System Checkpoint RP333: 12/14/2009 11:46:08 AM - System Checkpoint RP334: 12/15/2009 4:46:01 PM - System Checkpoint RP335: 12/16/2009 4:56:39 PM - System Checkpoint RP336: 12/17/2009 6:04:16 PM - System Checkpoint RP337: 12/19/2009 7:10:17 AM - System Checkpoint RP338: 12/19/2009 8:20:05 PM - Software Distribution Service 3.0 RP339: 12/22/2009 6:01:24 AM - System Checkpoint RP340: 12/23/2009 8:00:27 AM - System Checkpoint RP341: 12/24/2009 8:05:56 AM - System Checkpoint RP342: 12/25/2009 10:01:46 AM - 
System Checkpoint RP343: 12/26/2009 10:24:54 AM - System Checkpoint RP344: 12/29/2009 5:07:11 PM - System Checkpoint RP345: 12/30/2009 5:46:06 PM - System Checkpoint RP346: 1/1/2010 6:37:17 AM - System Checkpoint RP347: 1/2/2010 8:37:09 AM - System Checkpoint RP348: 1/4/2010 5:16:11 AM - System Checkpoint RP349: 1/5/2010 5:34:42 AM - System Checkpoint RP350: 1/6/2010 6:00:50 AM - System Checkpoint RP351: 1/8/2010 4:13:48 AM - System Checkpoint RP352: 1/9/2010 1:19:20 PM - System Checkpoint RP353: 1/11/2010 5:36:08 AM - System Checkpoint RP354: 1/12/2010 6:19:38 AM - System Checkpoint RP355: 1/13/2010 6:47:36 PM - Software Distribution Service 3.0 RP356: 1/16/2010 5:37:08 AM - System Checkpoint RP357: 1/17/2010 6:00:59 AM - System Checkpoint RP358: 1/18/2010 6:02:13 AM - System Checkpoint RP359: 1/19/2010 8:42:41 AM - System Checkpoint RP360: 1/20/2010 1:51:42 PM - System Checkpoint RP361: 1/21/2010 2:29:37 PM - System Checkpoint RP362: 1/22/2010 4:07:42 PM - System Checkpoint RP363: 1/22/2010 7:30:11 PM - Software Distribution Service 3.0 RP364: 1/24/2010 6:10:30 AM - System Checkpoint RP365: 1/26/2010 5:19:31 AM - System Checkpoint RP366: 1/27/2010 5:21:07 AM - System Checkpoint RP367: 1/28/2010 5:27:15 AM - System Checkpoint RP368: 1/29/2010 5:36:03 AM - System Checkpoint RP369: 1/30/2010 5:02:43 PM - System Checkpoint RP370: 2/1/2010 5:00:53 AM - System Checkpoint RP371: 2/2/2010 5:49:01 AM - System Checkpoint RP372: 2/3/2010 8:44:43 AM - System Checkpoint RP373: 2/5/2010 6:01:19 AM - System Checkpoint RP374: 2/6/2010 6:59:44 AM - System Checkpoint RP375: 2/7/2010 8:31:48 AM - System Checkpoint RP376: 2/8/2010 9:29:15 AM - System Checkpoint RP377: 2/10/2010 9:19:37 PM - Software Distribution Service 3.0 RP378: 2/11/2010 5:38:07 PM - Software Distribution Service 3.0 ==== Installed Programs ====================== Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 Adobe Reader 
8.1.2 Security Update 1 (KB403742) Adobe Shockwave Player 11.5 Alchemy Deluxe 1.51p ALOT Toolbar Aveyond Lord of Twilight (remove only) Bejeweled Twist 1.0 Browser Address Error Redirector Canon i470D Canon MP Navigator EX 1.0 Canon MX310 series Canon MX310 series User Registration Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu Compatibility Pack for the 2007 Office system Conexant D850 56K V.9x DFVc Modem Dell Automated PC TuneUp Dell DataSafe Online Dell Driver Reset Tool Dell Support Center Dell System Restore Digital Line Detect DIGOpt DIGReqEx DinerTown Tycoon (remove only) DING! Documentation & Support Launcher Dynomite Deluxe 2.71 Enchanted Fairy Friends Secret of the Fairy Queen (remove only) ERUNT 1.1j Faerie Solitaire (remove only) Games, Music, & Photos Launcher Google Desktop Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) InstallMgr Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers Internet Service Offers Launcher iWin Games (remove only) iWin Toolbar J2SE Runtime Environment 5.0 Update 6 Java™ 6 Update 13 Java™ 6 Update 7 Lost in Reefs (remove only) Malwarebytes' Anti-Malware Masque Slots featuring WMS Gaming II Memory Card Utility Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft Default Manager Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Word Viewer 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! 
Photo Story 2 LE Microsoft Search Enhancement Pack Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Modem Diagnostic Tool Mortimer Beckett And The Secrets Of Spooky Manor Mozilla Firefox (3.5.7) MSN MSN Messenger 6.1 MSN Toolbar MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) Mystery P.I. - Lost in Los Angeles Mystery PI The Vegas Heist 1.00 NetWaiting Norton Security Scan OGA Notifier 2.0.0048.0 OpenOffice.org 3.0 PowerDVD Presto! PageManager 7.15.16 QualxServ Service Agreement RealArcade Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio MyDVD DE Roxio Update Manager ScanSoft OmniPage SE 4 SearchAssist Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update 
for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP 
(KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978706) Sonic Activation Module Stellarium 0.10.1 Trend Micro PC-cillin Internet Security 14 Update for Windows Internet Explorer 7 (KB976749) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VLC media player 1.0.1 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3 WinRAR 
archiver ==== Event Viewer Messages From Past Week ======== 2/9/2010 5:56:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi 2/9/2010 5:51:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/9/2010 5:49:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi 2/9/2010 5:49:48 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning. 2/9/2010 5:49:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 2/9/2010 5:49:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 2/9/2010 5:49:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 2/9/2010 5:49:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 
2/9/2010 5:48:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 2/9/2010 5:42:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 2/10/2010 9:15:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor 2/10/2010 9:15:31 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. ==== End Of File =========================== lucella31

#13 lucella31

lucella31

    Authentic Member

  • Authentic Member
  • PipPip
  • 55 posts

Posted 14 February 2010 - 02:56 PM

FYI: I was able to run exehelper from the desktop of my mother's account since it is a .com file.
I ran DDS from the desktop of my account.

#14 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 15 February 2010 - 02:06 AM

Hi lucella31,

Is it possible that there could be an infection only in her user account and not mine? I thought it would affect all accounts.

It would depend on which registry key it was loading under. If it's under Current User then it would just affect that account.

Did you attempt to run DDS.scr renamed to DDS.com in the affected account?

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#15 lucella31

lucella31

    Authentic Member

  • Authentic Member
  • PipPip
  • 55 posts

Posted 15 February 2010 - 09:16 AM

Hello oldman960,

I just tried running the DDS program by changing the .scr to .com in normal mode AND safe mode in the affected account (my mother's) and in both cases a popup window asks me to choose which program I want to use to open it. I even renamed the program to abcd to see if that would work and it didn't.

Any ideas now? Can you only see what's happening with the registry in normal mode?
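The two posts above describe the same symptom from both ends: oldman960 notes that a value under Current User only affects that one account, and the .exe files (and now the renamed .com) refuse to open only under the mother's login. The script below is an added example for this thread, not output of exeHelper or DDS. It reads a registry export in "reg export" text form (Windows Registry Editor 5.00 format), so it can be run from the working account or another machine rather than on the broken desktop, and reports two things: machine-wide launch values that differ from the Windows XP defaults (which would break every account), and any .exe/.com association or Shell value sitting in the user's own hive (which breaks only that account, matching what is seen here). The two sample exports, the SID, the ProgID "rogueexe" and the av.exe path are constructed for illustration and are not taken from the infected PC.

```python
"""Offline check of 'reg export' (.reg) text for the registry values a rogue AV
hijacks to stop .exe/.com files from launching. Added example for this thread,
not output of exeHelper or DDS. Key paths and defaults are Windows XP values."""
import re
# Machine-wide defaults: a change here breaks launching for every account.
EXPECTED = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe": {"@": "exefile"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com": {"@": "comfile"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
        "Shell": "Explorer.exe",
    },
}
# Per-user locations: HKCU\Software\Classes is merged over HKLM\SOFTWARE\Classes
# in HKCR, so a .exe key here redirects launches for this one account only.
HKCU_CLASSES = r"HKEY_CURRENT_USER\Software\Classes"
HKCU_WINLOGON = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path: {value_name: data}}; '@' is the key's default value.
    HKEY_USERS\\<SID> paths (another account's hive) become HKEY_CURRENT_USER."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = re.sub(r"^HKEY_USERS\\[^\\]+", "HKEY_CURRENT_USER", line[1:-1], flags=re.I)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)  # REG_SZ is decoded; dword:/hex: data stays raw
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys

def _lookup(keys, path):
    # Registry key names are case-insensitive; exports differ in case.
    return next((v for k, v in keys.items() if k.lower() == path.lower()), None)

def audit(text):
    """Return a list of findings; an empty list means nothing deviates."""
    keys, findings = parse_reg(text), []
    for path, expected in EXPECTED.items():
        values = _lookup(keys, path)
        if values is None:
            continue  # key not present in this export
        for name, want in expected.items():
            got = values.get(name)
            if got is not None and got != want:
                findings.append(f"{path} [{name}] = {got!r} (expected {want!r})")
    # Per-user overrides: only the account whose hive was exported is affected.
    for ext in (".exe", ".com"):
        assoc = _lookup(keys, HKCU_CLASSES + "\\" + ext)
        if assoc is None:
            continue
        progid = assoc.get("@", "")
        findings.append(f"per-user {ext} association -> {progid!r}")
        cmd = _lookup(keys, HKCU_CLASSES + "\\" + progid + r"\shell\open\command") if progid else None
        if cmd is not None:
            findings.append(f"per-user open command for {progid!r}: {cmd.get('@')!r}")
    winlogon = _lookup(keys, HKCU_WINLOGON)
    if winlogon is not None and "Shell" in winlogon:
        findings.append(f"per-user Shell override: {winlogon['Shell']!r}")
    return findings

# Constructed sample exports; not taken from the infected PC in the thread.
CLEAN_MACHINE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="Explorer.exe"
'''
# Hypothetical per-user hijack: the SID, ProgID "rogueexe" and av.exe path are made up.
HIJACKED_USER_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Classes\.exe]
@="rogueexe"
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1004\Software\Classes\rogueexe\shell\open\command]
@="\"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
'''

if __name__ == "__main__":
    for label, export in (("machine", CLEAN_MACHINE_EXPORT), ("user", HIJACKED_USER_EXPORT)):
        print(label, audit(export) or ["no deviations"])
```

To use it on a real box, log in with the working account and export the other account's hive with reg export HKU\<SID>\Software\Classes user_classes.reg (the SID of the affected profile is listed under HKEY_USERS while that user is logged on, or under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList) and the machine side with reg export HKLM\SOFTWARE\Classes machine_classes.reg, then pass each file's contents to audit(). A finding in the per-user section is exactly the case oldman960 describes: the association was rewritten under that user's hive, so other accounts keep working. A finding against EXPECTED means every account should be failing, and the single-account symptom would need another explanation.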
