[valerie586]

I got a threat notice that appeared to be through Microsoft Security Essentials, so i clicked "clean"...then a bunch of boxes popped up that says "delayed writed failed", "failed to save all components to the file system 321100000668. The file is corrupted or unreadable".
Also getting messages that say to scan the hard disk, which I did not do. Messages say "hard drive clusters partly damaged; segment load failure".
I ran Malware and it said the following "hkey_local_machine\software\microsoft\windows\current version\policies\system\disable task manager (PUM:hijack.taskmanager). It quaranteed and deleted it.
Malware also said file infected: c:\\documentsandsettings\admin\localsettings\temp\0.10065340141216073.exe (trojan.dropper) it quaranteed and deleted this.
I ran spybot and it found:
win32agent.bkr trojansC-05
microsoft.windows.security.firewallopenports
Spybot removed these.

I then ran rkill.
Then ran the tdsskiller, but it did not find any threats.

I tried to run the GMER, but got the following:
Type ?
Name: c/documents/adminlocals/~1temp\mbr.sys
Value: The system cannot find the file specified


DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by ADMIN at 2:05:47 on 2012-01-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2759 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou2.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {da879c19-9088-418b-a63a-2e6fb294eaf0} - c:\program files\aadvantage eshoppingsm toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou2.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AAdvantage eShoppingSM Toolbar BHO: {5712a6bb-b6c8-4e52-a152-1ba741c9a6a2} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou2.dll
TB: AAdvantage eShoppingSM Toolbar: {85741f1d-ed47-4dcf-9109-07d10213c4d0} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KndCLIWLJesl.exe] c:\documents and settings\all users\application data\KndCLIWLJesl.exe
mRunServices: [Dynamichplnchap1001] c:\docume~1\admin\locals~1\temp\exe.exe
mRunServices: [Wed1Album] c:\program files\nova development\photo explosion deluxe\project category\matching sets\weddings\albumwed128253.exe
mRunServices: [UpdaterProduct1.0.0.2] c:\program files\common files\nova development\shared\updaternova.exe
mRunServices: [Digireadreader] c:\program files\adobe\adobe photoshop cs2\plug-ins\digimarc\imagebridgetmdigisnep.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\admin\application data\hp simplesave application\StartHelper.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ebay.com
Trusted Zone: facebook.com\www
Trusted Zone: google.com\www
Trusted Zone: hotmail.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: live.com
Trusted Zone: live.com\*.mail
Trusted Zone: msn.com
Trusted Zone: passport.com
Trusted Zone: windowslivehelp.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://allstate.webex.com/client/T27L10NSP11EP14/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S0 cerc6;cerc6; [x]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S2 BackupService;BackupService;c:\documents and settings\admin\application data\hp simplesave application\uUACTokenSvc.exe [2010-11-26 83512]
S2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-5 136176]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
S2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-12-26 206120]
S2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-12-26 185640]
S2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-2-11 139776]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2010-9-5 93568]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-5 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-25 30576]
S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_022.sys [2011-3-1 243712]
S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_022.sys [2011-3-1 176384]
S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\drivers\nwusbser_022.sys [2011-3-1 176384]
S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_022.sys [2011-3-1 176384]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2011-3-18 114704]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
.
=============== Created Last 30 ================
.
2012-01-29 03:40:02 435968 ---ha-w- c:\documents and settings\all users\application data\KndCLIWLJesl.exe
2012-01-28 16:34:04 6557240 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b857718-6ab6-49a1-98c7-c5cc86679d5d}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-04 09:26:22 236576 ---h--w- c:\windows\system32\MpSigStub.exe
2011-12-20 19:40:00 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ---ha-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ---ha-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ---ha-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ---h--w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ---ha-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ---ha-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
.
============= FINISH: 2:07:21.67 ===============



I still get a bunch of boxes that pop up and say the following:
"delayed writed failed", "failed to save all components to the file system 321100000668. The file is corrupted or unreadable".
Also getting messages that say to scan the hard disk, which I did not do. Messages say "hard drive clusters partly damaged; segment load failure".
there are also RAM errors, etc.

Attached Files

•  attach.txt   20KB   76 downloads