
Discussion Starter · #1 (Registered, 7 Posts)
Hi, I have a Dell E6500 laptop running XP SP3. Last week, when I logged in, I found my PC had no response from many applications, including Internet Explorer, Network Connections, the external hard drive and the CD drive. I found the Services (Extended) window opened by services.msc was empty. When I tried to open a new Word document, it said "This document could not be registered. It will not be possible to create links from other documents to this document. ...". So I am not able to back up my documents to the external hard disk, I am not able to use the recovery CD, and I am not able to connect to the internet. It seems my PC was hit by a virus. I am looking for experts to help me. Many thanks in advance.
 

TSF Security Manager, Emeritus (42,952 Posts)
Hello tento100,

For us to be able to determine if malware is the cause or not, we require a comprehensive set of logs.

Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
 

Discussion Starter · #3 (Registered, 7 Posts)
Thank you for the help. Per your instructions, I am attaching the ark.zip file that contains ark.txt and Attach.txt. Also, I am copying the content of DDS.txt below.

My PC lost everything. The worst thing is I am not able to copy and paste. So it is difficult to copy dds.scr and gmer.zip onto the PC and run them. Finally, I found I was able to work in Safe Mode, and to use the "Move To" menu from the Removable Disk.

I very much appreciate your help and advice.

---------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Henian Li at 10:34:23.67 on Sun 04/10/2011
Internet Explorer: 8.0.6001.18702
.
============== Running Processes ===============
.
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
F:\hli\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101112100508.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\henian li\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoxioDragToDisc] c:\program files\roxio\drag-to-disc\Drgtodsc.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: google.com\translate
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237049421640
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.768.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {6CCD288F-AD6B-F737-31CD-1EC4C557286C} - c:\windows\system32:twtw.exe
.
============= SERVICES / DRIVERS ===============
.
R? AESTAud;AE Audio Service
R? ASFAgent;ASF Agent
R? buttonsvc32;Dell ControlPoint Button Service
R? CCIDFILTER;Broadcom Smart Card Reader Filter Driver
R? cfwids;McAfee Inc. cfwids
R? Credential Vault Host Control Service;Credential Vault Host Control Service
R? Credential Vault Host Storage;Credential Vault Host Storage
R? ctxusbm;Citrix USB Monitor Driver
R? cvusbdrv;Broadcom USH CV
R? dcpsysmgrsvc;Dell ControlPoint System Manager
R? e1yexpress;Intel(R) Gigabit Network Connections Driver
R? IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? McShield;McShield
R? MfeAVFK;McAfee Inc. mfeavfk
R? MfeBOPK;McAfee Inc. mfebopk
R? mfefire;McAfee Firewall Core Service
R? mfefirek;McAfee Inc. mfefirek
R? mfehidk;McAfee Inc. mfehidk
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mfendiskmp;mfendiskmp
R? mferkdet;McAfee Inc. mferkdet
R? MfeRKDK;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? mfetdi2k;McAfee Inc. mfetdi2k
R? MsDtsServer100;SQL Server Integration Services 10.0
R? MSOLAP$HENRYLI;SQL Server Analysis Services (HENRYLI)
R? MSSQL$HENRYLI;SQL Server (HENRYLI)
R? MSSQLFDLauncher$HENRYLI;SQL Full-text Filter Daemon Launcher (HENRYLI)
R? MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
R? MSSQLServerADHelper100;SQL Active Directory Helper Service
R? myAgtSvc;McAfee Virus and Spyware Protection Service
R? OA001Ufd;Creative Camera OA001 Upper Filter Driver
R? OA001Vid;Creative Camera OA001 Function Driver
R? ReportServer$HENRYLI;SQL Server Reporting Services (HENRYLI)
R? ReportServer;SQL Server Reporting Services (MSSQLSERVER)
R? RsFx0102;RsFx0102 Driver
R? SQLAgent$HENRYLI;SQL Server Agent (HENRYLI)
.
=============== File Associations ===============
.
.bat=UltraEdit.bat
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-04-02 11:09:02 -------- d-----w- c:\docume~1\henian~1\locals~1\applic~1\Roxio
2011-03-24 22:25:58 -------- d-----w- C:\_AcroTemp
2011-03-22 02:08:55 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 10:35:38.06 ===============
 

TSF Security Manager, Emeritus (42,952 Posts)
Thank you for the effort put in to get this dds.txt to me. It was helpful and I see the infection, but for the safety of your machine and data, I would really like to see the results of the gmer log - I don't see it attached to your post.
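The entry the helper is referring to is easiest to spot once you know what to look for in a DDS report. As an added example (editor's own code, not part of this thread and not output of DDS, ComboFix or any TSF tool), the script below applies a handful of triage heuristics to report lines copied from the log posted above. The rules and severities are the editor's assumptions: a second colon inside a Windows path, after the drive letter, names an NTFS alternate data stream, so `c:\windows\system32:twtw.exe` in the mASetup line is a stream called twtw.exe attached to the system32 directory, which dir and Explorer do not show and which a legitimate Active Setup entry would not point at, hence the high severity; an ActiveX (DPF) download from a host outside the vendors otherwise visible in the log is flagged for review rather than declared malicious; the extra LSA authentication package wvauth is reported only as non-default (the Wave Systems entries elsewhere in the log account for it); an orphaned BHO and an empty Run value are noted as low-priority cleanup.

```python
"""Triage heuristics for lines from a DDS 'Pseudo HJT Report'.

Added example for this thread; not part of DDS, ComboFix or the forum's
tooling. The rules below are the editor's own assumptions about what
deserves a second look in a log like the one posted above.
"""
import re
from dataclasses import dataclass

# Report lines copied from the log posted above (DDS writes hxxp for http).
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [<NO NAME>]
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237049421640
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {6CCD288F-AD6B-F737-31CD-1EC4C557286C} - c:\windows\system32:twtw.exe
"""

# Hosts the other DPF entries in the log already download from (assumption:
# a download from anywhere else on this machine is worth a look).
EXPECTED_DPF_HOSTS = ("microsoft.com", "sun.com", "macromedia.com")

# Windows' own LSA authentication package; anything else is third-party and
# should be matched to installed software (here, Wave Systems' wvauth).
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# A second colon inside a Windows path, after the drive letter, names an NTFS
# alternate data stream: "c:\windows\system32:twtw.exe" is a stream called
# twtw.exe attached to the system32 directory, invisible to dir and Explorer.
ADS_RE = re.compile(r"\b([a-z]:\\[^\s:]+):([^\s\\/]+)", re.I)
DPF_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.I)
EMPTY_RUN_RE = re.compile(r"^[umd]Run: \[<NO NAME>\]\s*$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


def host_is_expected(host):
    """True if host is one of, or a subdomain of, the expected vendor domains."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_DPF_HOSTS)


def triage_line(line):
    """Apply every heuristic to one report line and return its findings."""
    findings = []
    ads = ADS_RE.search(line)
    if ads:
        findings.append(Finding("high", f"alternate data stream {ads.group(2)!r} on {ads.group(1)!r}", line))
    if line.startswith("DPF:"):
        host = DPF_HOST_RE.search(line)
        if host and not host_is_expected(host.group(1)):
            findings.append(Finding("medium", f"ActiveX download from unexpected host {host.group(1)}", line))
    if line.startswith("LSA: Authentication Packages"):
        packages = set(line.split("=", 1)[1].split())
        extra = sorted(packages - DEFAULT_AUTH_PACKAGES)
        if extra:
            findings.append(Finding("medium", f"non-default LSA authentication package(s): {', '.join(extra)}", line))
    if line.startswith("BHO:") and line.rstrip().endswith("- No File"):
        findings.append(Finding("low", "BHO CLSID registered but its DLL is missing", line))
    if EMPTY_RUN_RE.match(line):
        findings.append(Finding("low", "empty Run value", line))
    return findings


def triage(report):
    """Run triage_line over every line of a report; returns all findings."""
    return [f for line in report.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.rule}\n         {f.line}")
```

Run it as a script to print the findings in order of appearance. On the live machine, the Sysinternals Streams utility lists the alternate data streams attached to a file or directory, so a finding like the one on system32 can be confirmed before anything is removed.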
 

TSF Security Manager, Emeritus (42,952 Posts)
Thanks, let's get started.

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review, along with an update on machine behavior.
 

Discussion Starter · #7 (Registered, 7 Posts)
Ried,

The Microsoft Windows Recovery Console was not installed because my PC was not able to connect to the internet. However, ComboFix ran to the end and produced a log.txt file. I am attaching it for your review. I hope you can find a solution soon. Thank you.
 


TSF Security Manager, Emeritus (42,952 Posts)
How is the machine behaving now? Are you able to connect to the internet? If so, please disable your onboard antivirus and run ComboFix.exe again, and allow it to install the Recovery Console.

Post the C:\ComboFix.txt when it has completed.
 

Discussion Starter · #9 (Registered, 7 Posts)
Ried,

Same as before: no internet connection, "Paste" is disabled, I cannot find the Removable Disk in normal mode, opening a .doc file gives an error message, but opening a .txt file works without problem; Save As, the "Move To" menu, and zip and unzip all work without problem. What should I do about that?
 

TSF Security Manager, Emeritus (42,952 Posts)
Before we go any further, get the Recovery Console installed on this system. The Windows recovery console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Go to Microsoft's website => How to obtain Windows XP Setup disks for a floppy boot installation

Select the download that's appropriate for your Operating System

Download the file & save it as it is originally named, next to ComboFix.exe.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply along with an update on machine behavior.
 

TSF Security Manager, Emeritus (42,952 Posts)
Let's try it this way - click Start>Run and copy/paste the following into the Run box and click OK:

ComboFix "%userprofile%\desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe"

You didn't mention if you have XP Home or Pro. The above filename is assuming you downloaded for XP Home. If that is not correct, then this file should be the correct one. (Compare them to the filename you downloaded from Microsoft)

ComboFix "%userprofile%\desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe"
 

Discussion Starter · #13 (Registered, 7 Posts)
Hi Ried,

The Recovery Console was successfully installed per your guide. However, there is a problem booting the system in Recovery Console mode. When I restart the PC, a black screen does not offer any option for Recovery Console mode. A few seconds later, the machine gives a normal Windows desktop. And all problems are still there.

When I manually selected the Microsoft Windows Recovery Console from the boot screen (using the F5 key), a message said "A problem has been detected and Windows has been shut down to prevent damage to your computer. ...". It suggested removing any newly installed hard drives, hard drive controllers, etc., which confused me very much. And then I was unable to shut down Windows except by shutting the power off.

I also find that Add or Remove Programs in Control Panel does not work.

Attached are ComboFix.txt and screenshots of running ComboFix.exe.

I very much appreciate your help. I hope it is close to the resolution.
 


TSF Security Manager, Emeritus (42,952 Posts)
I'm not seeing any remaining malware, but I am seeing what appears to be serious Operating System issues. While there are many times that malware can be removed, you can't always undo the damage done to the Operating System.

"I am not able to use the recovery CD"
Try again. If that drive is still giving you trouble, you should either contact Dell for recommendations on how to reinstall, or try talking this over with the folks in our Windows XP Support section.
 