For the past couple days, my computer has slowed down. When I click to open an application, like the internet or MS Word, it's about two minutes before the application opens (yes, I have timed this). So, I tried to download the DDS file, and a dialog box opened, saying "The procedure * could not be located in the DLL sfc.dll". When I pushed "OK", the dialog box kept coming up.
Then a window appeared saying the scan wouldn't take longer than 3 minutes, but nothing happened for half an hour. Help, please!
My name is Iain and I will be helping you clean your system.
You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.
Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.
Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.
If there is anything you don't understand, please ask BEFORE proceeding with the fixes.
Please ensure that you follow the instructions in the order I have them listed.
Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
Let's try this first:
Please download Rkill from any one of these links and save it to your desktop.
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Then try this:
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.
OK, it has taken me so long to reply because I keep trying to do this. Every time, it looks like the file is downloading, then I get a message that says, "The procedure * could not be located in the DLL sfc.dll". And I've tried the different links, too.
Do you have access to another computer? And perhaps a USB drive or similar? You could then download the files on the good machine and transfer to the infected machine.
OK, I figured out what the problem was. The computer I have isn't mine, and I wasn't logged in as the administrator. Here is the DDS and Attach file. By the way, I've been getting pop-ups from Internet Explorer, which I think is another sign I have some sort of malware problem.
DDS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 21:43:40.87 on Thu 02/17/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1097 [GMT -8:00]
AV: Total Protection Service *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2010 10:36:39 AM
System Uptime: 2/10/2011 4:23:08 AM (185 hours ago)
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2B255CD7&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2B255CD7&0
Service: i8042prt
==== System Restore Points ===================
RP77: 11/20/2010 3:00:15 AM - Software Distribution Service 3.0
RP78: 11/21/2010 3:44:13 AM - Software Distribution Service 3.0
RP79: 11/22/2010 3:46:45 AM - System Checkpoint
RP80: 11/22/2010 8:29:30 AM - Software Distribution Service 3.0
RP81: 11/23/2010 8:29:42 AM - Software Distribution Service 3.0
RP82: 11/24/2010 8:31:48 AM - Software Distribution Service 3.0
RP83: 11/25/2010 8:31:42 AM - Software Distribution Service 3.0
RP84: 11/26/2010 8:31:49 AM - Software Distribution Service 3.0
RP85: 11/27/2010 8:31:05 AM - Software Distribution Service 3.0
RP86: 11/28/2010 2:16:30 AM - Software Distribution Service 3.0
RP87: 11/28/2010 8:31:43 AM - Software Distribution Service 3.0
RP88: 11/29/2010 1:19:45 PM - System Checkpoint
RP89: 11/29/2010 11:31:35 PM - Software Distribution Service 3.0
RP90: 11/30/2010 11:31:38 PM - Software Distribution Service 3.0
RP91: 12/1/2010 11:31:34 PM - Software Distribution Service 3.0
RP92: 12/3/2010 12:31:20 AM - System Checkpoint
RP93: 12/3/2010 9:35:29 AM - Software Distribution Service 3.0
RP94: 12/4/2010 9:35:22 AM - Software Distribution Service 3.0
RP95: 12/5/2010 1:50:41 AM - Software Distribution Service 3.0
RP96: 12/5/2010 9:35:20 AM - Software Distribution Service 3.0
RP97: 12/6/2010 9:35:23 AM - Software Distribution Service 3.0
RP98: 12/7/2010 9:35:34 AM - Software Distribution Service 3.0
RP99: 12/8/2010 9:34:47 AM - Software Distribution Service 3.0
RP100: 12/9/2010 9:35:35 AM - Software Distribution Service 3.0
RP101: 12/10/2010 9:37:57 AM - System Checkpoint
RP102: 12/10/2010 9:42:41 AM - Software Distribution Service 3.0
RP103: 12/11/2010 9:37:34 AM - Software Distribution Service 3.0
RP104: 12/12/2010 1:59:45 AM - Software Distribution Service 3.0
RP105: 12/12/2010 9:34:54 AM - Software Distribution Service 3.0
RP106: 12/13/2010 9:48:41 AM - System Checkpoint
RP107: 12/13/2010 12:52:20 PM - Software Distribution Service 3.0
RP108: 12/14/2010 3:00:15 AM - Software Distribution Service 3.0
RP109: 12/15/2010 3:00:31 AM - Software Distribution Service 3.0
RP110: 12/15/2010 3:33:30 AM - Software Distribution Service 3.0
RP111: 12/16/2010 3:28:23 AM - Software Distribution Service 3.0
RP112: 12/17/2010 4:06:18 AM - System Checkpoint
RP113: 12/17/2010 3:10:23 PM - Software Distribution Service 3.0
RP114: 12/18/2010 3:10:14 PM - Software Distribution Service 3.0
RP115: 12/19/2010 2:09:27 AM - Software Distribution Service 3.0
RP116: 12/19/2010 3:10:13 PM - Software Distribution Service 3.0
RP117: 12/20/2010 3:10:19 PM - Software Distribution Service 3.0
RP118: 12/21/2010 3:10:13 PM - Software Distribution Service 3.0
RP119: 12/22/2010 3:10:16 PM - Software Distribution Service 3.0
RP120: 12/23/2010 3:10:20 PM - Software Distribution Service 3.0
RP121: 12/24/2010 3:12:32 PM - Software Distribution Service 3.0
RP122: 12/25/2010 3:10:15 PM - Software Distribution Service 3.0
RP123: 12/26/2010 2:10:12 AM - Software Distribution Service 3.0
RP124: 12/26/2010 3:10:13 PM - Software Distribution Service 3.0
RP125: 12/27/2010 3:10:13 PM - Software Distribution Service 3.0
RP126: 12/28/2010 3:10:13 PM - Software Distribution Service 3.0
RP127: 12/29/2010 3:49:32 PM - System Checkpoint
RP128: 12/29/2010 6:53:32 PM - Software Distribution Service 3.0
RP129: 12/30/2010 6:53:07 PM - Software Distribution Service 3.0
RP130: 12/31/2010 3:00:14 AM - Software Distribution Service 3.0
RP131: 1/1/2011 3:24:32 AM - Software Distribution Service 3.0
RP132: 1/2/2011 2:17:18 AM - Software Distribution Service 3.0
RP133: 1/3/2011 2:20:25 AM - System Checkpoint
RP134: 1/3/2011 3:23:53 AM - Software Distribution Service 3.0
RP135: 1/4/2011 3:24:25 AM - Software Distribution Service 3.0
RP136: 1/5/2011 3:00:15 AM - Software Distribution Service 3.0
RP137: 1/5/2011 3:29:19 AM - Software Distribution Service 3.0
RP138: 1/6/2011 3:24:23 AM - Software Distribution Service 3.0
RP139: 1/7/2011 3:24:25 AM - Software Distribution Service 3.0
RP140: 1/8/2011 3:24:21 AM - Software Distribution Service 3.0
RP141: 1/9/2011 1:48:09 AM - Software Distribution Service 3.0
RP142: 1/10/2011 2:20:34 AM - System Checkpoint
RP143: 1/10/2011 3:24:20 AM - Software Distribution Service 3.0
RP144: 1/11/2011 3:24:25 AM - Software Distribution Service 3.0
RP145: 1/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP146: 1/12/2011 3:30:49 AM - Software Distribution Service 3.0
RP147: 1/13/2011 3:25:20 AM - Software Distribution Service 3.0
RP148: 1/14/2011 3:25:24 AM - Software Distribution Service 3.0
RP149: 1/15/2011 3:25:59 AM - Software Distribution Service 3.0
RP150: 1/16/2011 2:22:35 AM - Software Distribution Service 3.0
RP151: 1/17/2011 2:28:02 AM - System Checkpoint
RP152: 1/17/2011 1:32:16 PM - Software Distribution Service 3.0
RP153: 1/18/2011 1:31:44 PM - Software Distribution Service 3.0
RP154: 1/19/2011 1:31:44 PM - Software Distribution Service 3.0
RP155: 1/20/2011 1:31:05 PM - Software Distribution Service 3.0
RP156: 1/21/2011 1:31:15 PM - Software Distribution Service 3.0
RP157: 1/22/2011 4:57:36 PM - System Checkpoint
RP158: 1/23/2011 2:03:56 AM - Software Distribution Service 3.0
RP159: 1/23/2011 10:06:45 AM - Software Distribution Service 3.0
RP160: 1/24/2011 10:07:29 AM - Software Distribution Service 3.0
RP161: 1/25/2011 10:06:35 AM - Software Distribution Service 3.0
RP162: 1/26/2011 10:06:07 AM - Software Distribution Service 3.0
RP163: 1/27/2011 10:06:40 AM - Software Distribution Service 3.0
RP164: 1/28/2011 10:06:48 AM - Software Distribution Service 3.0
RP165: 1/29/2011 10:07:04 AM - Software Distribution Service 3.0
RP166: 1/30/2011 2:04:04 AM - Software Distribution Service 3.0
RP167: 1/30/2011 10:07:07 AM - Software Distribution Service 3.0
RP168: 1/31/2011 10:07:38 AM - Software Distribution Service 3.0
RP169: 2/1/2011 10:07:16 AM - Software Distribution Service 3.0
RP170: 2/2/2011 11:20:42 AM - Software Distribution Service 3.0
RP171: 2/3/2011 12:09:10 PM - System Checkpoint
RP172: 2/4/2011 9:14:17 AM - Software Distribution Service 3.0
RP173: 2/5/2011 9:13:00 AM - Software Distribution Service 3.0
RP174: 2/6/2011 1:35:12 AM - Software Distribution Service 3.0
RP175: 2/6/2011 9:13:46 AM - Software Distribution Service 3.0
RP176: 2/7/2011 9:13:45 AM - Software Distribution Service 3.0
RP177: 2/8/2011 9:13:51 AM - Software Distribution Service 3.0
RP178: 2/9/2011 3:00:29 AM - Software Distribution Service 3.0
RP179: 2/10/2011 3:24:09 AM - System Checkpoint
RP180: 2/10/2011 3:28:33 AM - Software Distribution Service 3.0
RP181: 2/11/2011 3:27:54 AM - Software Distribution Service 3.0
RP182: 2/12/2011 3:27:53 AM - Software Distribution Service 3.0
RP183: 2/13/2011 1:37:31 AM - Software Distribution Service 3.0
RP184: 2/14/2011 2:24:19 AM - System Checkpoint
RP185: 2/14/2011 3:29:10 AM - Software Distribution Service 3.0
RP186: 2/15/2011 3:29:09 AM - Software Distribution Service 3.0
RP187: 2/16/2011 4:27:12 AM - System Checkpoint
RP188: 2/16/2011 4:35:49 AM - Software Distribution Service 3.0
RP189: 2/16/2011 9:44:37 AM - ARO 2011 - Before Installation
RP190: 2/17/2011 2:28:16 PM - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
blinkx beat
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
ClickPotato
Compatibility Pack for the 2007 Office system
DivX Setup
DVDVideoSoftTB Toolbar
Free iPod Video Converter 1.34
Free Studio version 4.9.13
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 22
KwiClick
Loki VPN Client version 1.7.4.119
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.13)
MPlayer (remove only)
Norton Security Scan
Polipo 1.0.4.1
proXPN 2.4.5
QuestBrowse 1.0 build 127
QuickTime
Realtek High Definition Audio Driver
Safari
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShopperReports
Simppull Toolbar (Remove Toolbar Only)
Skype Toolbars
Skype™ 5.0
Tor 0.2.1.27
TubeTillaFree
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Vidalia 0.2.10
VideoLAN VLC media player 0.8.6f
Visual C++ 8.0 x86 Runtime Setup Package
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Xvid 1.2.1 final uninstall
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
2/17/2011 9:06:05 PM, error: Dhcp [1002] - The IP address lease 173.0.12.185 for the Network Card with network address 00FFEEDAADDB has been denied by the DHCP server 173.0.8.254 (The DHCP Server sent a DHCPNACK message).
2/17/2011 9:05:50 PM, error: Dhcp [1002] - The IP address lease 173.0.7.163 for the Network Card with network address 00FFEEDAADDB has been denied by the DHCP server 173.0.12.254 (The DHCP Server sent a DHCPNACK message).
2/16/2011 10:53:41 AM, error: Dhcp [1002] - The IP address lease 173.0.12.143 for the Network Card with network address 00FFEEDAADDB has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).
2/16/2011 10:01:53 AM, error: PSched [14103] - QoS [Adapter {AA65CAC4-CCB6-4546-85FF-33550D44E62B}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
2/16/2011 10:01:50 AM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
2/10/2011 1:45:27 PM, error: Print [6161] - The document Microsoft Word - Aryana Jaleh.doc owned by Parent failed to print on printer Canon MP280 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 28540. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\K12-BB9F8493EFA. Win32 error code returned by the print processor: 13 (0xd).
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.