LonnieRoy

XP Internet Security 2012

4 posts in this topic

I'm running Windows XP SP3 on an old HP a387x. Yesterday it became infected and I believed it had been successfully removed using Malwarebytes. Anyway, I no longer get the irritating pop-up to register, but I have been unable to access the internet and Windows Firewall remains disabled.

Any help will be greatly appreciated.

Sorry, I forgot to include the DDS.txt file. Here it is:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Lonnie R Shoemaker at 11:17:55 on 2011-12-21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.643 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avast\avastUI.exe

C:\Documents and Settings\Lonnie R Shoemaker\Application Data\mjusbsp\cdloader2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

svchost.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\nvsvc32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

uRun: [cdloader] "c:\documents and settings\lonnie r shoemaker\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237284453313

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{9EBCA567-C272-43EA-A600-12EE91E93A95} : DhcpNameServer = 192.168.2.1

AppInit_DLLs: prio.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\lonnie r shoemaker\application data\mozilla\firefox\profiles\0ittmpvf.default\

FF - prefs.js: browser.startup.homepage - hxxp://foxnews.com

FF - prefs.js: network.proxy.http_port - 64323

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll

FF - plugin: c:\program files\firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\java\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-18 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-18 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-18 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2011-12-18 44768]

R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-12-18 20480]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-12-18 588032]

S1 MpKsl32f89590;MpKsl32f89590;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{88d1c033-2256-4ca0-91ad-f2488ae354fe}\mpksl32f89590.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{88d1c033-2256-4ca0-91ad-f2488ae354fe}\MpKsl32f89590.sys [?]

S1 MpKsl36c9fe9a;MpKsl36c9fe9a;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpksl36c9fe9a.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKsl36c9fe9a.sys [?]

S1 MpKsl67bc5ba5;MpKsl67bc5ba5;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c70e8a27-3bd8-4e44-83cd-f26872ac962d}\mpksl67bc5ba5.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c70e8a27-3bd8-4e44-83cd-f26872ac962d}\MpKsl67bc5ba5.sys [?]

S1 MpKsl7b01dcb6;MpKsl7b01dcb6;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5eaa0b29-d481-4e66-b8e0-7629be9cb216}\mpksl7b01dcb6.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5eaa0b29-d481-4e66-b8e0-7629be9cb216}\MpKsl7b01dcb6.sys [?]

S1 MpKsl7ffefdd4;MpKsl7ffefdd4;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3e91b2dc-d0bc-4c01-95df-b699845484b3}\mpksl7ffefdd4.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3e91b2dc-d0bc-4c01-95df-b699845484b3}\MpKsl7ffefdd4.sys [?]

S1 MpKsl80ca64c2;MpKsl80ca64c2;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{355d2bcf-fd04-4c69-a9c8-c0d6ee96c05a}\mpksl80ca64c2.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{355d2bcf-fd04-4c69-a9c8-c0d6ee96c05a}\MpKsl80ca64c2.sys [?]

S1 MpKsl8c95e3ab;MpKsl8c95e3ab;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{10205639-4756-45b4-97e1-2c869e864461}\mpksl8c95e3ab.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{10205639-4756-45b4-97e1-2c869e864461}\MpKsl8c95e3ab.sys [?]

S1 MpKsl8d027c56;MpKsl8d027c56;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpksl8d027c56.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKsl8d027c56.sys [?]

S1 MpKsl99c80186;MpKsl99c80186;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{59823040-1a5e-4b65-949b-a67f5ef2cd79}\mpksl99c80186.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{59823040-1a5e-4b65-949b-a67f5ef2cd79}\MpKsl99c80186.sys [?]

S1 MpKslb692d310;MpKslb692d310;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6740d94e-6d41-4e7d-b496-a28523217e58}\mpkslb692d310.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6740d94e-6d41-4e7d-b496-a28523217e58}\MpKslb692d310.sys [?]

S1 MpKslc585b489;MpKslc585b489;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{49181c38-a696-48db-af85-cb15c31dcd3d}\mpkslc585b489.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{49181c38-a696-48db-af85-cb15c31dcd3d}\MpKslc585b489.sys [?]

S1 MpKslcc44391d;MpKslcc44391d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpkslcc44391d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKslcc44391d.sys [?]

S1 MpKslcd663726;MpKslcd663726;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{19746c8e-1cc1-4c20-9ecf-898ad24893d7}\mpkslcd663726.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{19746c8e-1cc1-4c20-9ecf-898ad24893d7}\MpKslcd663726.sys [?]

S1 MpKslf1554d1d;MpKslf1554d1d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{804e3637-1ce3-4503-9df2-ccb171b3cd31}\mpkslf1554d1d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{804e3637-1ce3-4503-9df2-ccb171b3cd31}\MpKslf1554d1d.sys [?]

S1 prio;Prio;c:\windows\system32\drivers\prio.sys [2010-7-28 51408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 WLSVC;WLSVC;c:\program files\d-link\WLSVC.exe [2011-12-18 167936]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2010-6-16 706304]

S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2009-3-17 465988]

S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-21 07:31:42 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll

2011-12-21 07:31:42 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll

2011-12-21 07:31:42 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll

2011-12-21 07:31:42 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll

2011-12-21 07:31:42 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll

2011-12-21 07:31:42 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll

2011-12-21 07:31:42 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll

2011-12-21 07:31:42 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll

2011-12-21 02:30:44 616024 ----a-w- c:\windows\system32\COMCTL32.OCX

2011-12-19 19:11:38 -------- d-----w- c:\windows\system32\system32

2011-12-19 05:58:41 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-12-19 05:58:17 20480 ----a-w- c:\windows\system32\wlndis50.sys

2011-12-19 05:58:17 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys

2011-12-19 05:57:39 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys

2011-12-19 05:57:39 -------- d-----w- c:\windows\pcidevice

2011-12-19 05:57:16 -------- d-----w- c:\program files\D-Link

2011-12-19 03:52:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-19 03:52:29 41184 ----a-w- c:\windows\avastSS.scr

2011-12-19 03:52:19 -------- d-----w- c:\program files\Avast

2011-12-19 01:38:37 -------- d-----w- c:\documents and settings\lonnie r shoemaker\local settings\application data\Google

2011-12-18 23:21:46 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software

2011-12-01 21:29:41 -------- d-----w- c:\program files\PrintScreen

2011-11-27 07:41:51 -------- d-----w- c:\program files\Auslogics

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 11:18:36.20 ===============


Merry Christmas everyone. Please cancel this request.

The computer is now repaired and working as good as new.


Thank you for taking the time to post back and letting us know.

Peace be with you.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
