
XP Internet Security 2012


  • This topic is locked
3 replies to this topic

#1 LonnieRoy


Posted 19 December 2011 - 07:43 PM

I'm running Windows XP SP3 on an old HP a387x. Yesterday it became infected and I believed it had been successfully removed using Malwarebytes. Anyway, I no longer get the irritating pop-up to register, but I have been unable to access the internet and Windows Firewall remains disabled.

Any help will be greatly appreciated.

Sorry, I forgot to include the DDS.txt file. Here it is:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Lonnie R Shoemaker at 11:17:55 on 2011-12-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.643 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast\avastUI.exe
C:\Documents and Settings\Lonnie R Shoemaker\Application Data\mjusbsp\cdloader2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uRun: [cdloader] "c:\documents and settings\lonnie r shoemaker\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237284453313
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{9EBCA567-C272-43EA-A600-12EE91E93A95} : DhcpNameServer = 192.168.2.1
AppInit_DLLs: prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lonnie r shoemaker\application data\mozilla\firefox\profiles\0ittmpvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://foxnews.com
FF - prefs.js: network.proxy.http_port - 64323
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll
FF - plugin: c:\program files\firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-18 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-18 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-18 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2011-12-18 44768]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-12-18 20480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-12-18 588032]
S1 MpKsl32f89590;MpKsl32f89590;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{88d1c033-2256-4ca0-91ad-f2488ae354fe}\mpksl32f89590.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{88d1c033-2256-4ca0-91ad-f2488ae354fe}\MpKsl32f89590.sys [?]
S1 MpKsl36c9fe9a;MpKsl36c9fe9a;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpksl36c9fe9a.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKsl36c9fe9a.sys [?]
S1 MpKsl67bc5ba5;MpKsl67bc5ba5;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c70e8a27-3bd8-4e44-83cd-f26872ac962d}\mpksl67bc5ba5.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c70e8a27-3bd8-4e44-83cd-f26872ac962d}\MpKsl67bc5ba5.sys [?]
S1 MpKsl7b01dcb6;MpKsl7b01dcb6;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5eaa0b29-d481-4e66-b8e0-7629be9cb216}\mpksl7b01dcb6.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5eaa0b29-d481-4e66-b8e0-7629be9cb216}\MpKsl7b01dcb6.sys [?]
S1 MpKsl7ffefdd4;MpKsl7ffefdd4;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3e91b2dc-d0bc-4c01-95df-b699845484b3}\mpksl7ffefdd4.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3e91b2dc-d0bc-4c01-95df-b699845484b3}\MpKsl7ffefdd4.sys [?]
S1 MpKsl80ca64c2;MpKsl80ca64c2;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{355d2bcf-fd04-4c69-a9c8-c0d6ee96c05a}\mpksl80ca64c2.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{355d2bcf-fd04-4c69-a9c8-c0d6ee96c05a}\MpKsl80ca64c2.sys [?]
S1 MpKsl8c95e3ab;MpKsl8c95e3ab;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{10205639-4756-45b4-97e1-2c869e864461}\mpksl8c95e3ab.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{10205639-4756-45b4-97e1-2c869e864461}\MpKsl8c95e3ab.sys [?]
S1 MpKsl8d027c56;MpKsl8d027c56;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpksl8d027c56.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKsl8d027c56.sys [?]
S1 MpKsl99c80186;MpKsl99c80186;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{59823040-1a5e-4b65-949b-a67f5ef2cd79}\mpksl99c80186.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{59823040-1a5e-4b65-949b-a67f5ef2cd79}\MpKsl99c80186.sys [?]
S1 MpKslb692d310;MpKslb692d310;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6740d94e-6d41-4e7d-b496-a28523217e58}\mpkslb692d310.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6740d94e-6d41-4e7d-b496-a28523217e58}\MpKslb692d310.sys [?]
S1 MpKslc585b489;MpKslc585b489;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{49181c38-a696-48db-af85-cb15c31dcd3d}\mpkslc585b489.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{49181c38-a696-48db-af85-cb15c31dcd3d}\MpKslc585b489.sys [?]
S1 MpKslcc44391d;MpKslcc44391d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpkslcc44391d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKslcc44391d.sys [?]
S1 MpKslcd663726;MpKslcd663726;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{19746c8e-1cc1-4c20-9ecf-898ad24893d7}\mpkslcd663726.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{19746c8e-1cc1-4c20-9ecf-898ad24893d7}\MpKslcd663726.sys [?]
S1 MpKslf1554d1d;MpKslf1554d1d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{804e3637-1ce3-4503-9df2-ccb171b3cd31}\mpkslf1554d1d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{804e3637-1ce3-4503-9df2-ccb171b3cd31}\MpKslf1554d1d.sys [?]
S1 prio;Prio;c:\windows\system32\drivers\prio.sys [2010-7-28 51408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WLSVC;WLSVC;c:\program files\d-link\WLSVC.exe [2011-12-18 167936]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2010-6-16 706304]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2009-3-17 465988]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-21 07:31:42 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2011-12-21 07:31:42 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2011-12-21 07:31:42 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2011-12-21 07:31:42 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2011-12-21 07:31:42 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2011-12-21 07:31:42 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2011-12-21 07:31:42 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2011-12-21 07:31:42 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2011-12-21 02:30:44 616024 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-12-19 19:11:38 -------- d-----w- c:\windows\system32\system32
2011-12-19 05:58:41 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-19 05:58:17 20480 ----a-w- c:\windows\system32\wlndis50.sys
2011-12-19 05:58:17 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys
2011-12-19 05:57:39 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2011-12-19 05:57:39 -------- d-----w- c:\windows\pcidevice
2011-12-19 05:57:16 -------- d-----w- c:\program files\D-Link
2011-12-19 03:52:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 03:52:29 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 03:52:19 -------- d-----w- c:\program files\Avast
2011-12-19 01:38:37 -------- d-----w- c:\documents and settings\lonnie r shoemaker\local settings\application data\Google
2011-12-18 23:21:46 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software
2011-12-01 21:29:41 -------- d-----w- c:\program files\PrintScreen
2011-11-27 07:41:51 -------- d-----w- c:\program files\Auslogics
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 11:18:36.20 ===============

#2 LonnieRoy


Posted 23 December 2011 - 01:50 AM

Merry Christmas everyone. Please cancel this request.

The computer is now repaired and working as good as new.

#3 LDTate


Posted 23 December 2011 - 05:20 PM

Thank you for taking the time to post back and letting us know.

Peace be with you.
Larry Tate
Product Support


#4 LDTate


Posted 23 December 2011 - 05:20 PM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support




