Member Avatar for Purusha

I'm having trouble accessing anti-virus sites (and Microsoft pages as well) on the internet with my Asus Eee laptop. I've tried using a range of different browsers, deactivating Windows Firewall, and downloading Malwarebytes' Anti-Malware from a "clean" computer and transferring it to my own.

Still no success, though.

Following the guidelines for posting on the forum I came across the following two problems:

1. I couldn't run Microsoft® Windows® Malicious Software Removal Tool ("problem loading page" error message)

2. I couldn't run ESET Online Scanner or any of the other suggested scanners ("problem loading page" error message all over)

I'm attaching the Malwarebytes' log and attach.txt. Below is the DDS.txt:

---


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jacob Schmidt Madsen at 15:35:51.95 on Wed 01/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.427 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Jacob Schmidt Madsen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\skype4com.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jacobs~1\applic~1\mozilla\firefox\profiles\n05tv92q.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-6 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-23 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-6 38224]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
S2 yuqfruhv;Time Server;c:\windows\system32\svchost.exe -k netsvcs [2009-5-20 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-23 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-7 533360]

=============== Created Last 30 ================

2010-01-06 11:58:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-06 11:58:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-06 11:58:35 0 d-----w- c:\docume~1\jacobs~1\applic~1\SUPERAntiSpyware.com
2010-01-06 11:58:06 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-06 11:06:16 0 d-----w- c:\docume~1\jacobs~1\applic~1\Malwarebytes
2010-01-06 11:06:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 11:06:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 11:06:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 11:06:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-06 10:46:23 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-06 10:42:34 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-01-06 10:42:33 0 d-----w- c:\program files\McAfee Security Scan
2010-01-06 10:26:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-06 10:24:17 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 10:24:06 0 d-----w- c:\program files\Lavasoft
2010-01-06 09:50:05 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-01-03 06:58:02 0 ----a-w- c:\documents and settings\jacob schmidt madsen\temp.dat
2010-01-03 06:57:47 0 d-----w- c:\documents and settings\jacob schmidt madsen\.oces
2009-12-27 18:38:29 0 d-----w- c:\docume~1\jacobs~1\applic~1\OpenOffice.org
2009-12-27 18:37:24 0 d-----w- c:\program files\JRE
2009-12-27 18:37:19 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-27 18:37:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-27 18:37:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 06:57:26 0 d-----w- C:\Digital signatur
2009-12-14 07:22:43 0 d-----w- c:\program files\MoRUN.net

==================== Find3M ====================

2009-12-28 19:21:21 30388 ----a-w- c:\docume~1\jacobs~1\applic~1\wklnhst.dat
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-21 14:06:58 154406 --sha-r- c:\windows\system32\zwghg.dll
2009-07-02 02:49:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 15:36:15.82 ===============

---

I'd be most grateful for any help received.

Cheers,

Jacob

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2009 8:56:32 PM
System Uptime: 1/6/2010 1:20:27 PM (2 hours ago)

Motherboard: ASUSTeK Computer INC. |  | 1005HA
Processor:          Intel(R) Atom(TM) CPU N280   @ 1.66GHz | PBGA 437 | 1666/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 61.757 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 71.988 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR9285 Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\4&23C6FC68&0&00E1
Manufacturer: Atheros
Name: Atheros AR9285 Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\4&23C6FC68&0&00E1
Service: AR5416

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS

==== System Restore Points ===================

RP1: 11/24/2009 9:18:08 PM - System Checkpoint
RP2: 11/24/2009 11:48:26 AM - Installed Windows XP --  Software Updates KB952011.
RP3: 12/7/2009 7:04:43 AM - System Checkpoint
RP4: 12/9/2009 5:40:51 PM - System Checkpoint
RP5: 12/13/2009 5:16:04 PM - System Checkpoint
RP6: 12/14/2009 8:22:43 AM - Installed MoRUN.net Sticker Lite
RP7: 12/21/2009 5:43:47 PM - System Checkpoint
RP8: 12/27/2009 7:36:46 PM - Installed Java(TM) 6 Update 16
RP9: 12/27/2009 7:37:13 PM - Installed OpenOffice.org 3.1
RP10: 12/27/2009 8:00:26 PM - Removed Microsoft Office Home and Student 2007
RP11: 12/27/2009 8:03:07 PM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
RP12: 12/27/2009 8:03:48 PM - Removed Microsoft Office Suite Activation Assistant.
RP13: 1/1/2010 4:02:49 PM - Installed Java(TM) 6 Update 17
RP14: 1/6/2010 12:58:34 PM - Installed SUPERAntiSpyware Free Edition
RP15: 1/6/2010 1:38:11 PM - Removed MoRUN.net Sticker Lite

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Asus ACPI Driver
ASUS VIBE
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Choice Guard
Compatibility Pack for the 2007 Office system
Data Sync
Dr.Eee EN
Eee Docking 1.3.4.0
Eee PC_1005HA Screen Saver
Eee Storage
EeeSplendid
EzMessenger
FontResizer
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Inform 7
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 17
Junk Mail filter update
LiveUpdate
Malwarebytes' Anti-Malware
McAfee Security Scan
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.5.6)
MSVCRT
OpenOffice.org 3.1
Picasa 3
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Segoe UI
Skype 3.6
Super Hybrid Engine
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
USB2.0 UVC Camera Device
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Frotz
Windows Genuine Advantage Notifications (KB905474)
Windows Glulxe
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

12/30/2009 6:41:47 AM, error: Service Control Manager [7023]  - The Time Server service terminated with the following error:  A dynamic link library (DLL) initialization routine failed.
1/6/2010 1:36:51 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/2/2010 5:58:25 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/1/2010 4:01:47 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

==== End Of File ===========================
Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/6/2010 3:33:46 PM
mbam-log-2010-01-06 (15-33-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 139597
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 4 Contributors
  • 11 Replies
  • 363 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by techsheaven
Member Avatar for techsheaven

You can access other websites, but not a few?

Member Avatar for Purusha

I can apparently access all other sites than microsoft.com and anti-virus sites, lavasoft.com being a notable exception (though installing and running Ad-Aware didn't yield any results).

Member Avatar for vidmaa

I can apparently access all other sites than microsoft.com and anti-virus sites, lavasoft.com being a notable exception (though installing and running Ad-Aware didn't yield any results).

it a virus - it is not detected by many anti virus software (ir detect but after full infections - and only from another PC)

this virus is coming from skype AND with flash disk (and some other ways i did not found..) - it hides itself under well knows icons (winamp, nero , msn etc...)

you know if you are infected:
- if you now longer have any anti virus software you had (avira, avg.. had disappear from computers i found infected)
- no longer can access any antivirus/firewall website
- regedit shows it was dissabled be administrator
- all ( the ones i have checked ) anti virus installers are shut down - so you can't install new

- and don't try to use safe mode - it is corrupt ( didn't worked at all)

to disable this virus you will need to do following BEFORE you can download and install antivirus/antimalware to finish job.

download Tune Up Utilities (it have it own task manager and registry editor)
use tuneup utilities task manager (as you may not be able to use windows one)

kill exporer.exe as virus using it to renew itself
kill all [random name process *.exe] - make sure you know that do not kill needed one

use cmd comand and delete hiden exe and bat files in these locations:
- in root folder of all disk you have (be careful with c: as there are hidden files that do not belong to virus) virus names are long and random - easy to recognize
temp folder
(dir /ah *.exe, *.bat, - to find ; attrib -s -h -r [file name]to make possible to delete; del [file name])

use msconfig (or tune up utilities start up managers) to delete virus from start up
before deleting - look at the path in registry key and then from there the path to file itself - delete file, registry key and then start up entry

reboot system
if you find and deleted all these file no random name files will appear in task manager
now you can enter antivirus websites and download any which will finish it

you need to put value to 0 in DisableRegistryTools which can be found:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

if you want to use regedit from windows

that about it - i hope it help - if need write i will put some more detail.

Member Avatar for sinnerFA

Also check your hosts file typically located @ c:\windows\system32\drivers\etc\hosts
I have seen many attacks that redirect anti-virus sites to your loopback adapter disabling you to install/update.

HTHs
sinnerFA

Member Avatar for vidmaa

ignore my previous post - i looked at your logs more carefully - you do not have processes that belong to the virus i described

then you said you can't load any anti virus website i at once assumed (as i have real pain with this virus on several completely different computers)
sorry

Member Avatar for Purusha

Also check your hosts file typically located @ c:\windows\system32\drivers\etc\hosts
I have seen many attacks that redirect anti-virus sites to your loopback adapter disabling you to install/update.

HTHs
sinnerFA

I'm not quite sure what you mean by checking my hosts file. I've located it and opened it with my notepad, but don't really know what more to do about it.

Can you tell me what I should be on the lookout for?

Cheers,

Purusha

Member Avatar for Purusha

ignore my previous post - i looked at your logs more carefully - you do not have processes that belong to the virus i described

Thanks a lot for taking the time, Vidmaa. Much appreciated.

Cheers,

Purusha

Member Avatar for Purusha

I scanned the USB stick that I suspect to be the culprit with Ad-Aware, and discovered a "high-level security threat" named Win32.Worm.Kido - probably the worm that has eaten its way into my laptop.

I'm attaching the scan log in case it'll be of any help.

Logfile created: 1/6/2010 23:45:46

Lavasoft Ad-Aware version: 8.1.3

User performing scan: Jacob Schmidt Madsen



*********************** Definitions database information ***********************

Lavasoft definition file: 149.125

Genotype definition file version: 2010/01/04 08:39:47



******************************** Scan results: *********************************

Scan profile name: Context menu scan  (ID: contextmenuscan)

Objects scanned: 206

Objects detected: 1





Type              Detected

==========================

Processes.......:        0

Registry entries:        0

Hostfile entries:        0

Files...........:        1

Folders.........:        0

LSPs............:        0

Cookies.........:        0

Browser hijacks.:        0

MRU objects.....:        0







Quarantined items:

Description: E:\autorun.inf Family Name: Win32.Worm.Kido Engine: 1 Clean status: Success Item ID: 1233942 Family ID: 495033 MD5: 7d9542ef7c46ed5e80c23153dd5319f2



Scan and cleaning complete: Finished correctly after 4 seconds



*********************************** Settings ***********************************



Scan profile:

ID: contextmenuscan, enabled:1, value: Context menu scan

  ID: folderstoscan, enabled:1, value: 

  ID: useantivirus, enabled:1, value: true

  ID: sections, enabled:1

    ID: scancriticalareas, enabled:1, value: false

    ID: scanrunningapps, enabled:1, value: false

    ID: scanregistry, enabled:1, value: false

    ID: scanlsp, enabled:1, value: false

    ID: scanads, enabled:1, value: false

    ID: scanhostsfile, enabled:1, value: false

    ID: scanmru, enabled:1, value: false

    ID: scanbrowserhijacks, enabled:1, value: false

    ID: scantrackingcookies, enabled:1, value: false

      ID: closebrowsers, enabled:0, value: false

  ID: filescanningoptions, enabled:1

    ID: archives, enabled:1, value: true

    ID: onlyexecutables, enabled:1, value: false

    ID: skiplargerthan, enabled:1, value: 20480

    ID: scanrootkits, enabled:1, value: false

      ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict

    ID: usespywareheuristics, enabled:1, value: true



Scan global:

ID: global, enabled:1

  ID: addtocontextmenu, enabled:1, value: true

  ID: playsoundoninfection, enabled:1, value: false

    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav



Scheduled scan settings:

<Empty>



Update settings:

ID: updates, enabled:1

  ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently

  ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

  ID: schedules, enabled:1, value: true

    ID: updatedaily1, enabled:1, value: Daily 1

      ID: time, enabled:1, value: Wed Jan 06 11:26:00 2010

      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

      ID: weekdays, enabled:1

        ID: monday, enabled:1, value: false

        ID: tuesday, enabled:1, value: false

        ID: wednesday, enabled:1, value: false

        ID: thursday, enabled:1, value: false

        ID: friday, enabled:1, value: false

        ID: saturday, enabled:1, value: false

        ID: sunday, enabled:1, value: false

      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

      ID: scanprofile, enabled:1, value: 

      ID: auto_deal_with_infections, enabled:1, value: false

    ID: updatedaily2, enabled:1, value: Daily 2

      ID: time, enabled:1, value: Wed Jan 06 17:26:00 2010

      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

      ID: weekdays, enabled:1

        ID: monday, enabled:1, value: false

        ID: tuesday, enabled:1, value: false

        ID: wednesday, enabled:1, value: false

        ID: thursday, enabled:1, value: false

        ID: friday, enabled:1, value: false

        ID: saturday, enabled:1, value: false

        ID: sunday, enabled:1, value: false

      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

      ID: scanprofile, enabled:1, value: 

      ID: auto_deal_with_infections, enabled:1, value: false

    ID: updatedaily3, enabled:1, value: Daily 3

      ID: time, enabled:1, value: Wed Jan 06 23:26:00 2010

      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

      ID: weekdays, enabled:1

        ID: monday, enabled:1, value: false

        ID: tuesday, enabled:1, value: false

        ID: wednesday, enabled:1, value: false

        ID: thursday, enabled:1, value: false

        ID: friday, enabled:1, value: false

        ID: saturday, enabled:1, value: false

        ID: sunday, enabled:1, value: false

      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

      ID: scanprofile, enabled:1, value: 

      ID: auto_deal_with_infections, enabled:1, value: false

    ID: updatedaily4, enabled:1, value: Daily 4

      ID: time, enabled:1, value: Wed Jan 06 05:26:00 2010

      ID: frequency, enabled:1, value: daily, domain:
Member Avatar for techsheaven

Hosts file is located at C:\Windows\System32\drivers\etc
And infected file would have a lot of ip address / URL pairs.
A normal hosts file should look like this:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

Member Avatar for techsheaven

Use notepad to open, view, edit Hosts file. Safe to delete it all and save as a blank file if you want, or copy the text from my last post (if yours is infected).

Good Luck!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.