Live security platinum
Comments
-
Service packs should only be installed on an uninfected, clean system. That's a job for when the system's clean - as is updating third party programs such as Adobe, Java et al.
It's as important to update these as it is the OS. Quite often when I see the advice to restore to factory settings it is hardly ever advised to update these, leaving the computer in a vulnerable state as the versions they have in the factory image are often outdated and prime targets for exploits.
As it stands I'm not 100% sure the computer isn't still infected. The broken services and the inability to connect to MS domains rings possible alarm bells.
These rogues often come installed/supported by a rootkit. Sirefef aka ZeroAccess is quite prevalent at the moment, as is Necurs (a hidden driver/service).
Everything takes time, whether it be backing-up, restoring/reinstalling/updating the OS, reinstalling/updating other programs, restoring custom settings etc - or cleaning.
I'll help if the OP wants to clean it up and secure the machine. It's up to the OP, whatever he wants to do.
I wrote:....run a Factory Restore and then immediately, use Windows Updates continuously until you have updated to Service Pack 2.....
I've noted that none of those who have posted with this infection had Service Packs installed.
As you write, people have to actively update the OS and applications.
Could it be that it has been running for years without Service Packs?
0 -
Here is first log file.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 08/05/2008 00:38:25
System Uptime: 13/08/2012 17:15:56 (3 hours ago)
.
Motherboard: Dell Inc. | | 0HX767
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 142.108 GiB free.is FIXED (NTFS) - 10 GiB total, 5.169 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Software Update
Broadcom Management Programs
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
FUJIFILM FinePixViewer S Ver.2.1
Google Desktop
Google Earth
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.62.0.1300
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
mMHouse
Modem Diagnostic Tool
MP3 Player Utilities
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
QuickSet
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB954156)
Skype Click to Call
Skype™ 5.5
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
User's Guides
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Media Encoder 9 Series
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/08/2012 22:44:49, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147500053.
12/08/2012 14:24:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/08/2012 10:32:27, Error: EventLog [6008] - The previous system shutdown at 10:31:25 on 12/08/2012 was unexpected.
12/08/2012 10:28:43, Error: EventLog [6008] - The previous system shutdown at 10:25:49 on 12/08/2012 was unexpected.
12/08/2012 09:46:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
12/08/2012 09:46:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/08/2012 07:57:56, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
12/08/2012 07:57:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/08/2012 07:57:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The RoxMediaDB9 service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 07:56:34, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/08/2012 23:26:01, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/08/2012 22:46:50, Error: EventLog [6008] - The previous system shutdown at 20:55:31 on 11/08/2012 was unexpected.
11/08/2012 20:26:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
11/08/2012 20:26:15, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/08/2012 20:26:15, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/08/2012 20:26:15, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/08/2012 20:25:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/08/2012 20:25:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/08/2012 20:25:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/08/2012 20:25:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/08/2012 20:25:06, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
08/08/2012 22:21:42, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
08/08/2012 06:18:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
07/08/2012 02:05:24, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001F3C4F0589 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
If I was rich I wouldn't care about money. Think I should be rich because I don't care about money now! :beer:
0 -
And here is the 2nd.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882
Run by Gwyn at 20:10:32 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3069.1298 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
\\.\globalroot\systemroot\Installer\{f7ea7e05-901d-0111-9bb6-1129bfd4dd11}\U
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray
uRun: [Gumifyra] c:\users\gwyn\appdata\roaming\ikitet\apkoa.exe
uRun: [msvci] "c:\windows\system32\rundll32.exe" "c:\users\gwyn\appdata\roaming\msvci.dll",read_row
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [msvci] "c:\windows\system32\rundll32.exe" "c:\users\gwyn\appdata\roaming\msvci.dll",read_row
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1B976DDF-7A0C-4715-815D-B8D0D908E7DA} : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
TCP: Interfaces\{8411B747-D8BD-4B08-AF05-822D423410CF} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-8 73728]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-12 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-12 22344]
S2 gupdate1c995f881c652c0;Google Update Service (gupdate1c995f881c652c0);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-8 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
.
=============== Created Last 30 ================
.
2012-08-12 18:56:14 d-----w- c:\users\gwyn\appdata\roaming\Malwarebytes
2012-08-12 18:55:28 d-----w- c:\programdata\Malwarebytes
2012-08-12 18:55:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-12 18:55:27 d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 21:00:46 d-sh--w- c:\windows\system32\%APPDATA%
2012-08-10 20:15:49 d-----w- c:\programdata\036DFF61000898AD0297FBADC2E33E28
2012-08-10 20:15:30 449536 ----a-w- c:\users\gwyn\appdata\roaming\msvci.dll
2012-08-10 20:15:00 190 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8DD5D1BA-6963-3431-706B-52D698A88EFD}-tmpb9d8e270.bat
2012-08-10 20:14:31 d-----w- c:\users\gwyn\appdata\roaming\Quutf
2012-08-10 20:14:31 d-----w- c:\users\gwyn\appdata\roaming\Ikitet
2012-08-10 20:14:31 d-----w- c:\users\gwyn\appdata\roaming\Cyfap
2012-08-09 22:08:48 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7be79a6a-46d8-45df-9153-f59e14276db8}\mpengine.dll
2012-08-08 21:24:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 20:08:14 d-----w- c:\users\gwyn\appdata\roaming\Media Finder
2012-08-02 20:07:53 d-----w- c:\programdata\Tarma Installer
2012-08-02 19:39:41 d-----w- c:\program files\Conduit
2012-08-02 19:39:34 d-----w- c:\users\gwyn\appdata\local\Conduit
.
==================== Find3M ====================
.
2012-08-08 21:24:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:11:19.48 ===============
If I was rich I wouldn't care about money. Think I should be rich because I don't care about money now! :beer:
0 -
As I suspected, you do have the ZeroAccess rootkit. You can either reinstall/restore windows or attempt to clean it.
If you want to attempt to clean it up, go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
- Ensure you temporarily turn off your antivirus before running. Instructions here
- Double click combofix.exe & follow the prompts closely.
- When it's finished, it'll produce a log. Post the contents of that log.
- It'll be found on your C:\ drive named combofix.txt
0 -
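The diagnosis above rests on a handful of indicators in the second DDS log: a process image under \\.\globalroot\...\Installer\{GUID}\U, rundll32 loading a DLL out of the user's roaming AppData with an exported entry point, a directory literally named %APPDATA% under system32, Run keys pointing at randomly named executables in AppData\Roaming, and the BFE/BITS service failures in the event log. The following Python script is an added example, not part of the thread or of DDS, that turns those observations into repeatable triage rules and runs them over lines copied from the log posted above. The rule names, the regular expressions and the `Finding` type are my own; they encode only what is visible in the posted log and are a starting point for reading such logs, not a complete ZeroAccess signature.

```python
"""Heuristic triage of DDS-style log lines (added example, not from the thread).

Each rule captures one indicator the thread's helper read off the posted log.
The sample lines below are copied from that log (the Created Last 30 line is
shown in its joined single-line form); none are invented.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # name of the rule that fired (my own naming)
    line: str   # the log line that triggered it


# Rules are (name, compiled regex). Matching is case-insensitive because DDS
# lower-cases paths in the HJT section but not in the process list.
RULES = [
    # A running process whose image is addressed via the object-manager
    # \\.\globalroot alias instead of a normal drive path.
    ("globalroot-image",
     re.compile(re.escape(r'\\.\globalroot'), re.I)),
    # rundll32 launching a DLL that lives in the user's roaming AppData and
    # calling a named export (e.g. msvci.dll,read_row in the posted log).
    ("rundll32-appdata-dll",
     re.compile(r'rundll32(\.exe)?"?\s+"?[a-z]:\\users\\[^"]*\\appdata\\roaming\\[^"]+\.dll"?,\w+', re.I)),
    # A directory literally named %APPDATA% created under system32: the
    # environment-variable name was never expanded, which no installer does.
    ("appdata-literal-dir",
     re.compile(r'\\system32\\%appdata%', re.I)),
    # A user or machine Run key pointing at an executable under
    # AppData\Roaming (the Gumifyra/apkoa.exe entry in the posted log).
    ("run-key-roaming-exe",
     re.compile(r'^[um]Run:\s*\[[^\]]+\]\s*"?[a-z]:\\users\\[^"]*\\appdata\\roaming\\[^"]*\.exe', re.I)),
    # Security-related services that fail to start or are reported missing
    # (Base Filtering Engine, BITS), which the thread lists as warning signs.
    ("service-dependency-failure",
     re.compile(r'(depends the following service:\s*BFE\b|The BITS service failed to start)', re.I)),
]

# Lines copied from the DDS logs posted in the thread (abridged).
SAMPLE_LINES = [
    r'C:\Windows\system32\svchost.exe -k netsvcs',
    r'\\.\globalroot\systemroot\Installer\{f7ea7e05-901d-0111-9bb6-1129bfd4dd11}\U',
    r'uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized',
    r'uRun: [Gumifyra] c:\users\gwyn\appdata\roaming\ikitet\apkoa.exe',
    r'uRun: [msvci] "c:\windows\system32\rundll32.exe" "c:\users\gwyn\appdata\roaming\msvci.dll",read_row',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'2012-08-10 21:00:46 d-sh--w- c:\windows\system32\%APPDATA%',
    r'2012-08-12 18:55:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys',
    r'11/08/2012 20:26:15, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.',
]


def triage(lines):
    """Return one Finding per (line, rule) pair that matches."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, line))
    return findings


def summarize(findings):
    """Count findings per rule so a reviewer sees which indicators are present."""
    counts = {}
    for finding in findings:
        counts[finding.rule] = counts.get(finding.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"[{finding.rule}] {finding.line}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run it as a script to see which of the nine sample lines fire; the benign svchost, Skype, NvCpl and mbam.sys lines produce nothing, while each of the five indicators discussed in the thread produces exactly one finding. Any one rule on its own is weak evidence, so the summary is meant to be read as a whole before deciding between cleaning and reinstalling.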
Thanks Waddler_8. I will do this when I get a chance and post results here once done. Thanks for the help.
If I was rich I wouldn't care about money. Think I should be rich because I don't care about money now! :beer:
0
-
No worries - any problems, just post here.0
-
these flamin' zeroaccess infections seem to be spreading...had 2 last week......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
I am definitely going to try removing the virus rather than re-installing. Just want to buy an external hard drive first to back everything up. Can anybody recommend any decent ones?
If I was rich I wouldn't care about money. Think I should be rich because I don't care about money now! :beer:
0
-
Couple of recent threads here:
https://forums.moneysavingexpert.com/discussion/4109165
https://forums.moneysavingexpert.com/discussion/4081545
0