[Resolved] WinFixer woes


This topic is locked
31 replies to this topic

#16 someguy (Authentic Member, 60 posts)

Posted 12 October 2009 - 11:34 PM

I ran MBAM a second time and it still found one item, backdoor.bot. Here is the log from the second quick scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2951
Windows 5.1.2600 Service Pack 3

10/13/2009 12:33:04 AM
mbam-log-2009-10-13 (00-33-04).txt

Scan type: Quick Scan
Objects scanned: 97603
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5HDQQBSI\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.


#17 CatByte (Classroom Administrator, 21,059 posts, MVP)

Posted 13 October 2009 - 02:45 AM

Hi,

Please do the following:

Make sure all your security programs are disabled

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\Dgebeqicoxicak.dat
c:\windows\system32\FastNetSrv.exe

KillAll::

File::
c:\windows\Cwawuqahiv.bin
c:\windows\temp\x1c51164.dll
c:\windows\temp\mta64078.dll

Firefox::
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\j1cizrmh.default\
FF - HiddenExtension: XULRunner: {4BF73112-CBC1-4A44-8924-6123A4FBDC00} - c:\documents and settings\John\Local Settings\Application Data\{4BF73112-CBC1-4A44-8924-6123A4FBDC00}

Driver::
fastnetsrv

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[Posted Image: screenshot of dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



NEXT

Run MalwareBytes once more to make sure it comes back clean


Next

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

[Posted Image: screenshot of the Kaspersky scan report window with the Save as Text button]
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#18 someguy (Authentic Member, 60 posts)

Posted 13 October 2009 - 05:31 AM

I am currently running the Kaspersky scan. It is 87% done after almost 6 hours and I would like to let it finish after all this time.

#19 someguy (Authentic Member, 60 posts)

Posted 13 October 2009 - 06:40 AM

Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 13, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 13, 2009 07:25:26
Records in database: 2964870
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 367819
Threats found: 20
Infected objects found: 41
Suspicious objects found: 0
Scan duration: 06:33:33

File name / Threat / Threats count
C:\Documents and Settings\John\Desktop\torrents\More J-6 Backups\Program Files\LucasArts\KotF Jedi Academy Expansion Pack\src\cmds\menucmds\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Downloads\Best.Screensavers.2007\screen saver!\worldclock.rar Infected: Trojan-Dropper.Win32.Agent.bfkz 1
C:\Qoobox\Quarantine\C\Documents and Settings\John\ntuser.dll.vir Infected: Trojan.Win32.Scar.aakg 1
C:\Qoobox\Quarantine\C\Documents and Settings\John\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Trojan.Win32.Scar.aakg 1
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\ntuser.dll.vir Infected: Trojan.Win32.Scar.aakg 1
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\winivsetup.exe.vir Infected: Trojan.Win32.FraudPack.vje 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Packed.Win32.Krap.ag 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir Infected: Backdoor.Win32.Agent.alqd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bamonipo.exe.vir Infected: Trojan.Win32.Scar.zgn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir Infected: Trojan.Win32.Scar.aakg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\ntuser.dll.vir Infected: Trojan.Win32.Scar.aakg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkyvdadtelr.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\filokinu.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkyepmbivkp.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkypyfdevel.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\giyesewu.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\losamine.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lujorosu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebapehe.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\plugie.dll.vir Infected: Trojan.Win32.FraudPack.vrm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vafubamu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\x9212.dll.vir Infected: Trojan-Downloader.Win32.Small.ante 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.gen 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Backdoor.Win32.Bredavi.zr 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan-Spy.Win32.Zbot.gen 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan-Downloader.Win32.Mufanom.dpj 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan.Win32.Agent2.cjge 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan.Win32.Agent.cyna 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan-Downloader.Win32.Agent.bqxc 3
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan-Downloader.Win32.Mufanom.dqp 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Packed.Win32.TDSS.aa 3
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Trojan-Downloader.Win32.DlfBfkg.ajf 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-13_00.03.21.zip Infected: Packed.Win32.TDSS.z 3
C:\System Volume Information\_restore{9A74557C-6A96-4A2C-8D09-351E89C24A9C}\RP1\A0000045.exe Infected: Trojan-Downloader.Win32.DlfBfkg.ajf 1
C:\System Volume Information\_restore{9A74557C-6A96-4A2C-8D09-351E89C24A9C}\RP1\A0000066.exe Infected: Trojan-Downloader.Win32.DlfBfkg.ajf 1

Selected area has been scanned.
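CatByte's instructions in #17 warn that many of the Kaspersky finds will already be quarantined, and the report above bears that out: almost every path sits under C:\Qoobox\Quarantine (ComboFix's quarantine folder) or inside a System Restore point, and only two objects are live on disk. The following is an added example, not part of this thread and not a Kaspersky or ComboFix tool, that parses report lines of this "path Infected: verdict count" format and separates live detections from quarantined and restore-point copies. The sample lines are copied from the report above; the needs_action rule (live, and not a "not-a-virus:" riskware verdict) is my own triage heuristic, not the scanner's.

```python
import re
from collections import Counter

# Constructed sample: five lines copied from the Kaspersky Online Scanner
# report posted above (format: "<path> Infected: <verdict> <count>").
SAMPLE_REPORT = """\
C:\\Downloads\\Best.Screensavers.2007\\screen saver!\\worldclock.rar Infected: Trojan-Dropper.Win32.Agent.bfkz 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.gen 1
C:\\Qoobox\\Quarantine\\[4]-Submit_2009-10-13_00.03.21.zip Infected: Packed.Win32.TDSS.z 3
C:\\System Volume Information\\_restore{9A74557C-6A96-4A2C-8D09-351E89C24A9C}\\RP1\\A0000045.exe Infected: Trojan-Downloader.Win32.DlfBfkg.ajf 1
C:\\Documents and Settings\\John\\Desktop\\torrents\\More J-6 Backups\\Program Files\\LucasArts\\KotF Jedi Academy Expansion Pack\\src\\cmds\\menucmds\\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
"""

LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")


def classify(path):
    """Where the object lives: live on disk, in ComboFix's quarantine, or in a restore point."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantined"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    return "live"


def parse_report(text):
    """Turn report detection lines into dicts; header and statistics lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verdict = m.group("verdict")
        findings.append({
            "path": m.group("path"),
            "verdict": verdict,
            "count": int(m.group("count")),
            "location": classify(m.group("path")),
            # Kaspersky prefixes riskware / potentially unwanted verdicts with "not-a-virus:"
            "riskware": verdict.startswith("not-a-virus:"),
        })
    return findings


def summarize(findings):
    """Object counts per location plus the detections that still need a decision."""
    by_location = Counter()
    for f in findings:
        by_location[f["location"]] += f["count"]
    # Triage heuristic (mine, not the scanner's): only live, non-riskware
    # objects are candidates for removal; quarantine and restore-point copies
    # go away when the quarantine is emptied and restore points are flushed.
    needs_action = [f for f in findings if f["location"] == "live" and not f["riskware"]]
    return {"by_location": dict(by_location), "needs_action": needs_action}


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(summary["by_location"])
    for f in summary["needs_action"]:
        print("review:", f["verdict"], f["path"])
```

Run against the five sample lines it reports 4 quarantined objects, 1 restore-point object and 2 live ones, of which only worldclock.rar survives the riskware filter; cmdow.exe is flagged by Kaspersky as a RiskTool, not malware, so it is left for a human to decide.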

#20 someguy (Authentic Member, 60 posts)

Posted 13 October 2009 - 07:00 AM

Again, there may have been a problem, but here is the log.


ComboFix 09-10-12.03 - John 10/13/2009 7:44.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\cfscript.txt

FILE ::
"c:\windows\Cwawuqahiv.bin"
"c:\windows\temp\mta64078.dll"
"c:\windows\temp\x1c51164.dll"

file zipped: c:\windows\Dgebeqicoxicak.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Local Settings\Application Data\{4BF73112-CBC1-4A44-8924-6123A4FBDC00}
c:\documents and settings\John\Local Settings\Application Data\{4BF73112-CBC1-4A44-8924-6123A4FBDC00}\chrome.manifest
c:\documents and settings\John\Local Settings\Application Data\{4BF73112-CBC1-4A44-8924-6123A4FBDC00}\chrome\content\_cfg.js
c:\documents and settings\John\Local Settings\Application Data\{4BF73112-CBC1-4A44-8924-6123A4FBDC00}\chrome\content\overlay.xul
c:\documents and settings\John\Local Settings\Application Data\{4BF73112-CBC1-4A44-8924-6123A4FBDC00}\install.rdf
c:\windows\Cwawuqahiv.bin
c:\windows\Dgebeqicoxicak.dat
c:\windows\irc.txt
c:\windows\system32\Install.txt
c:\windows\temp\x1c51164.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 05:43 . 2009-10-13 05:43 -------- d-----w- c:\windows\Sun
2009-10-13 05:43 . 2009-10-13 05:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 05:42 . 2009-10-13 05:42 -------- d-----w- c:\program files\Java
2009-10-12 07:15 . 2009-10-12 07:15 -------- d--h--w- c:\windows\PIF
2009-10-12 06:37 . 2009-10-12 06:37 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-10-12 06:37 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 06:37 . 2009-10-12 06:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 06:37 . 2009-10-12 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-12 06:37 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 00:49 . 2009-10-09 00:49 -------- d-----w- c:\documents and settings\John\Application Data\Pamela
2009-10-09 00:49 . 2009-10-09 00:49 175104 ----a-w- c:\windows\system32\RemoteControl.dll
2009-10-09 00:49 . 2009-10-09 00:53 -------- d-----w- c:\program files\Pamela
2009-10-09 00:36 . 2009-10-09 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PrettyMay
2009-10-09 00:36 . 2009-10-09 00:36 -------- d-----w- c:\documents and settings\John\Application Data\PrettyMay
2009-09-24 00:56 . 2009-09-24 00:56 -------- d-----w- c:\program files\Kap.GRETests
2009-09-24 00:56 . 1999-02-25 11:32 122880 ----a-w- c:\windows\system32\fxtls532.dll
2009-09-24 00:56 . 1999-01-29 05:28 29184 ----a-w- c:\windows\system32\picn20.dll
2009-09-24 00:56 . 1999-03-26 00:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-09-21 16:42 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 07:00 . 2009-07-17 15:16 -------- d-----w- c:\program files\TextAloud
2009-10-13 06:18 . 2009-04-16 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-09 00:50 . 2009-05-06 17:12 -------- d-----w- c:\documents and settings\John\Application Data\Skype
2009-10-08 23:49 . 2009-05-06 17:14 -------- d-----w- c:\documents and settings\John\Application Data\skypePM
2009-10-08 08:57 . 2009-06-04 21:15 25 ----a-w- c:\windows\popcinfot.dat
2009-10-07 21:39 . 2009-02-14 01:09 -------- d-----w- c:\program files\IrfanView
2009-10-03 13:43 . 2009-02-21 23:02 -------- d-----w- c:\program files\BitComet
2009-10-03 02:14 . 2009-08-09 17:48 -------- d-----w- c:\program files\BFG
2009-10-03 02:02 . 2009-08-09 22:06 -------- d-----w- c:\program files\Codemasters
2009-10-03 02:02 . 2009-02-14 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 06:32 . 2009-02-16 09:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-22 14:44 . 2009-02-16 02:48 60096 ----a-w- c:\windows\system32\nvModes.dat
2009-08-24 16:13 . 2009-03-11 21:19 -------- d-----w- c:\program files\PowerISO
2009-08-11 07:42 . 2009-02-18 03:36 100800 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 05:42 . 2009-08-10 05:42 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-08-09 18:24 . 2009-08-09 18:24 0 ----a-w- c:\windows\popcinfo.dat
2009-08-07 00:24 . 2009-02-13 02:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-02-13 02:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-02-13 02:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2008-10-16 20:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-02-13 02:02 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-12 13:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-02-13 02:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-02-13 02:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-12 14:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 03:42 . 2009-07-29 03:42 796672 ----a-w- c:\windows\GPInstall.exe
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-17 19:01 . 2004-08-12 13:55 58880 ----a-w- c:\windows\system32\atl.dll
2003-12-18 16:33 . 2009-08-10 05:39 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 12:46 . 2009-08-10 05:39 10960 ----a-w- c:\program files\EULA.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_09.15.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 14:03 . 2009-10-13 05:39 68558 c:\windows\system32\perfc009.dat
- 2004-08-12 14:03 . 2009-10-12 08:53 68558 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:03 . 2009-10-13 05:39 435828 c:\windows\system32\perfh009.dat
- 2004-08-12 14:03 . 2009-10-12 08:53 435828 c:\windows\system32\perfh009.dat
+ 2009-10-13 05:43 . 2009-10-13 05:42 149280 c:\windows\system32\javaws.exe
+ 2009-10-13 05:43 . 2009-10-13 05:42 145184 c:\windows\system32\javaw.exe
+ 2009-10-13 05:43 . 2009-10-13 05:42 145184 c:\windows\system32\java.exe
+ 2009-10-13 05:42 . 2009-10-13 05:42 537600 c:\windows\Installer\6fb8d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-13 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-30 1657376]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2009-01-30 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-11 07:19 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sulljoh1\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sulljoh1\\source sdk base\\hl2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Codemasters\\Overlord\\Overlord.exe"=
"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15043:TCP"= 15043:TCP:BitComet 15043 TCP
"15043:UDP"= 15043:UDP:BitComet 15043 UDP

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4/14/2009 4:19 PM 222456]
S2 gupdate1c9be9f4c4ca05c;Google Update Service (gupdate1c9be9f4c4ca05c);c:\program files\Google\Update\GoogleUpdate.exe [4/16/2009 9:26 AM 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 14:25]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1844823847-725345543-1004Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-06 00:12]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1844823847-725345543-1004UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-06 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\j1cizrmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.whatthetech.com/WinFixer_woes_t107488.html&st=15
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\John\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 07:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1844823847-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:98,83,92,bc,bd,a4,1b,90,d7,8b,71,08,35,d6,44,ac,c0,9a,4f,d7,88,
10,33,be,78,3a,0f,54,ee,6a,27,80,1f,f4,52,24,2c,b4,69,fa,6b,fb,ce,c2,af,e2,\
"rkeysecu"=hex:5c,6a,b3,2c,b9,5a,0d,e2,88,50,3c,5d,3e,01,f6,0e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-10-13 7:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 12:55
ComboFix2.txt 2009-10-13 05:15
ComboFix3.txt 2009-10-12 09:22

Pre-Run: 5,154,267,136 bytes free
Post-Run: 5,216,391,168 bytes free

229 --- E O F --- 2009-09-22 08:02
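The Reg Loading Points section of the ComboFix log above records the standard-profile Windows Firewall policy, including "EnableFirewall"= 0, a long AuthorizedApplications list and two globally open BitComet ports. The following is an added example, not part of this thread and not ComboFix's own code, that parses those REGEDIT4-style lines and flags a disabled profile, globally open ports, and firewall exceptions that point outside %windir% or Program Files. The sample input is an excerpt of the log above; the "trusted prefix" rule for exception paths is my own review heuristic.

```python
import re

# Constructed sample: an excerpt of the "Reg Loading Points" section from the
# ComboFix log posted above (REGEDIT4 style, backslashes doubled as in the log).
SAMPLE_LOG = r"""
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15043:TCP"= 15043:TCP:BitComet 15043 TCP
"15043:UDP"= 15043:UDP:BitComet 15043 UDP

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4/14/2009 4:19 PM 222456]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Locations a firewall exception is normally expected to point at (my own
# heuristic); anything else (user profile, temp, downloads) deserves a look.
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def parse_reg_points(text):
    """Return {registry_key: {value_name: data}} for REGEDIT4-style lines."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # REGEDIT4 doubles backslashes inside quoted value names.
            name = m.group("name").replace("\\\\", "\\")
            keys[current][name] = m.group("data").strip()
    return keys


def firewall_findings(keys):
    """Flag a disabled profile, globally open ports and exception paths outside system dirs."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if "firewallpolicy" not in k:
            continue
        if k.endswith("profile") and values.get("EnableFirewall", "").startswith("0"):
            findings.append(("firewall-disabled", key.rsplit("\\", 1)[-1]))
        elif k.endswith("globallyopenports\\list"):
            findings.extend(("open-port", name) for name in values)
        elif k.endswith("authorizedapplications\\list"):
            for name in values:
                if not name.lower().startswith(TRUSTED_PREFIXES):
                    findings.append(("exception-outside-system-dirs", name))
    return findings


if __name__ == "__main__":
    for kind, detail in firewall_findings(parse_reg_points(SAMPLE_LOG)):
        print(f"{kind}: {detail}")
```

On the excerpt this reports the disabled standard profile, the two 15043 BitComet port openings, and the Google Talk plugin exception under the user's Local Settings\Application Data; the service line (R2 ICQ Service) and the REGEDIT4 header are ignored because they match neither the key nor the value pattern.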

#21 CatByte (Classroom Administrator, 21,059 posts, MVP)

Posted 13 October 2009 - 07:34 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"BtwSrv"=-

Netsvc::
BtwSrv

File::
C:\Downloads\Best.Screensavers.2007\screen saver!\worldclock.rar

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[Posted Image: screenshot of dragging CFScript.txt onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues



#22 someguy (Authentic Member, 60 posts)

Posted 13 October 2009 - 10:39 AM

My computer screen is suddenly going black randomly, every few seconds. Here is the attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-12.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/12/2009 8:06:45 PM
System Uptime: 10/13/2009 8:59:10 AM (3 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | Microprocessor | 1657/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 4.868 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/13/2009 12:02:23 AM - System Checkpoint
RP2: 10/13/2009 12:42:53 AM - Installed Java™ 6 Update 16

==== Installed Programs ======================

3dsmax ancillary install Acrobat.com Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge 1.0 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Common File Installer Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Center 2.0 Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Premiere Pro 2.0 Adobe Reader 9.1.1 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AOTC - Revit Architecture 2008 Essentials Apple Mobile Device Support Apple Software Update Arvoch Conflict AutoCAD 2008 - English Autodesk 3ds Max 9 32-bit Autodesk Design Review 2009 Autodesk DWF Viewer 7 Backburner BitComet 0.84 Bonjour Conexant HDA D110 MDC V.92 Modem Darwinia Darwinia Demo2 Deep Space Nine The Fallen Dell ResourceCD Deutz Engine FBX Plugin 2006.08 for Max 9.0 Google Chrome Google Earth Google Talk (remove only) Google Talk Plugin Google Update Helper Google Updater GoToAssist 8.0.0.514 Half-Life 2 Half-Life® 2 Harvest - Massive Encounter Homeworld2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) ICQ Toolbar ICQ6.5 IrfanView (remove only) iTunes Java™ 6 Update 16 K-Lite Codec Pack 4.6.2 (Full) Mahjong Escape Ancient Japan (remove only) Mahjong Fortuna 2 Deluxe Mahjongg Artifacts Malwarebytes' Anti-Malware Maya Fluid Effects Screensaver Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft VC80 Support DLLs Microsoft Visual C++ 2005 Redistributable Mixer Mozilla Firefox (3.0.14) MSXML 6.0 Parser Multiwinia v1.3.0 Mythic Mahjong NingPo MahJong Deluxe 1.04 NVIDIA Drivers NVIDIA PhysX Opera 9.63 Overlord - Raising Hell Overlord II Pamela Pro 4.5 PDF Settings PDFCreator PowerISO QuickSet QuickTime Real Alternative 1.9.0 Revit Architecture 2009 Rhinoceros 4.0 Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) SigmaTel Audio SimCity 4 Deluxe Skype™ 4.0 SlimDX Redistributable (March 2009) Sound Blaster ADVANCED MB Drivers Sound Blaster Audigy ADVANCED MB Demo Source SDK Base - Orange Box Star Wars Empire at War Stargate Empire at War StargateTC2 Steam™ StickMen War 2.5 Strong Bad - Strong Bad Episode 5 - 8-Bit Is Enough TextAloud TJ-Beam UltraCompare v6.10 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VBA (2627.01) VideoLAN VLC media player 0.8.6c Warlords Beta 0.45 WebFldrs XP Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format Runtime Windows XP Service Pack 3 WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/9/2009 5:05:54 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\bovenage.dll. Reference error message: The operation completed successfully.
10/9/2009 5:05:54 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\bovenage.dll" on line 8.
10/8/2009 7:57:14 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/8/2009 7:57:14 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/13/2009 7:43:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Autodesk Licensing Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/13/2009 11:00:07 AM, error: NetBT [4321] - The name "J-7 :20" could not be registered on the Interface with IP address 192.168.10.102. The machine with the IP address 192.168.10.101 did not allow the name to be claimed by this machine. 10/12/2009 4:13:51 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ISASDK\0000 disappeared from the system without first being prepared for removal. 10/12/2009 3:59:52 AM, error: NetBT [4321] - The name "J-7 :0" could not be registered on the Interface with IP address 192.168.10.102. The machine with the IP address 192.168.10.101 did not allow the name to be claimed by this machine. 10/12/2009 3:11:25 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 10/12/2009 12:17:12 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 10/12/2009 12:17:10 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). 10/12/2009 12:17:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. 10/12/2009 12:17:10 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:13 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The system cannot find the file specified. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Time service to connect. 
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Security Center service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secondary Logon service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Link Tracking Client service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CryptSvc service to connect. 10/12/2009 1:59:08 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The AntiPol service failed to start due to the following error: The system cannot find the file specified. 10/12/2009 1:59:07 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 10/12/2009 1:35:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect. 10/12/2009 1:35:26 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:31:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. 
10/12/2009 1:31:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect. 10/12/2009 1:31:33 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:28:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Restore Service service to connect. 10/12/2009 1:28:54 AM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/12/2009 1:11:17 AM, error: Service Control Manager [7034] - The AntiPol service terminated unexpectedly. It has done this 1 time(s). 10/10/2009 5:34:52 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s). 10/10/2009 5:34:51 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s). 10/10/2009 5:34:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 10/10/2009 5:34:51 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s). 
10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The mental ray 3.5 Satellite (32-bit) service terminated unexpectedly. It has done this 1 time(s). 10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s). 10/10/2009 5:34:50 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service. 10/10/2009 5:34:50 AM, error: Service Control Manager [7022] - The NVIDIA Display Driver Service service hung on starting. 10/10/2009 5:33:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect. 10/10/2009 5:33:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect. 10/10/2009 5:33:26 AM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/10/2009 5:33:26 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/10/2009 3:38:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period. 10/10/2009 11:13:16 PM, error: NetBT [4321] - The name "J-7 :20" could not be registered on the Interface with IP address 192.168.10.101. The machine with the IP address 192.168.10.102 did not allow the name to be claimed by this machine. 10/10/2009 11:13:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NICCONFIGSVC service to connect. 
10/10/2009 11:13:14 PM, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/10/2009 11:13:14 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A3C35F72-E30D-4904-A22E-3B1690F04622} because another computer on the network has the same name. The server could not start. ==== End Of File ===========================

#23 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 13 October 2009 - 12:35 PM

Hi, check your screen saver settings for the screen going black. I deleted the infected screen saver you had, so those settings will have to be reset. Please post the most recent ComboFix log and the DDS log (you've only posted the attach.txt).

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#24 someguy

someguy

    Authentic Member

  • Authentic Member
  • PipPip
  • 60 posts

Posted 13 October 2009 - 10:51 PM

OK, I ran ComboFix per your instructions, and here is the log.

ComboFix 09-10-13.01 - John 10/13/2009 23:37.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt

FILE ::
"c:\downloads\Best.Screensavers.2007\screen saver!\worldclock.rar"
.

((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-13 05:43 . 2009-10-13 05:43 -------- d-----w- c:\windows\Sun
2009-10-13 05:43 . 2009-10-13 05:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 05:42 . 2009-10-13 05:42 -------- d-----w- c:\program files\Java
2009-10-12 07:15 . 2009-10-12 07:15 -------- d--h--w- c:\windows\PIF
2009-10-12 06:37 . 2009-10-12 06:37 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-10-12 06:37 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 06:37 . 2009-10-12 06:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 06:37 . 2009-10-12 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-12 06:37 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 00:49 . 2009-10-09 00:49 -------- d-----w- c:\documents and settings\John\Application Data\Pamela
2009-10-09 00:49 . 2009-10-09 00:49 175104 ----a-w- c:\windows\system32\RemoteControl.dll
2009-10-09 00:49 . 2009-10-09 00:53 -------- d-----w- c:\program files\Pamela
2009-10-09 00:36 . 2009-10-09 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PrettyMay
2009-10-09 00:36 . 2009-10-09 00:36 -------- d-----w- c:\documents and settings\John\Application Data\PrettyMay
2009-09-24 00:56 . 2009-09-24 00:56 -------- d-----w- c:\program files\Kap.GRETests
2009-09-24 00:56 . 1999-02-25 11:32 122880 ----a-w- c:\windows\system32\fxtls532.dll
2009-09-24 00:56 . 1999-01-29 05:28 29184 ----a-w- c:\windows\system32\picn20.dll
2009-09-24 00:56 . 1999-03-26 00:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-09-21 16:42 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 04:30 . 2009-07-17 15:16 -------- d-----w- c:\program files\TextAloud
2009-10-13 06:18 . 2009-04-16 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-09 00:50 . 2009-05-06 17:12 -------- d-----w- c:\documents and settings\John\Application Data\Skype
2009-10-08 23:49 . 2009-05-06 17:14 -------- d-----w- c:\documents and settings\John\Application Data\skypePM
2009-10-08 08:57 . 2009-06-04 21:15 25 ----a-w- c:\windows\popcinfot.dat
2009-10-07 21:39 . 2009-02-14 01:09 -------- d-----w- c:\program files\IrfanView
2009-10-03 13:43 . 2009-02-21 23:02 -------- d-----w- c:\program files\BitComet
2009-10-03 02:14 . 2009-08-09 17:48 -------- d-----w- c:\program files\BFG
2009-10-03 02:02 . 2009-08-09 22:06 -------- d-----w- c:\program files\Codemasters
2009-10-03 02:02 . 2009-02-14 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 06:32 . 2009-02-16 09:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-22 14:44 . 2009-02-16 02:48 60096 ----a-w- c:\windows\system32\nvModes.dat
2009-08-24 16:13 . 2009-03-11 21:19 -------- d-----w- c:\program files\PowerISO
2009-08-11 07:42 . 2009-02-18 03:36 100800 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 05:42 . 2009-08-10 05:42 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-08-09 18:24 . 2009-08-09 18:24 0 ----a-w- c:\windows\popcinfo.dat
2009-08-07 00:24 . 2009-02-13 02:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-02-13 02:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-02-13 02:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2008-10-16 20:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-02-13 02:02 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-12 13:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-02-13 02:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-02-13 02:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-12 14:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 03:42 . 2009-07-29 03:42 796672 ----a-w- c:\windows\GPInstall.exe
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-17 19:01 . 2004-08-12 13:55 58880 ----a-w- c:\windows\system32\atl.dll
2003-12-18 16:33 . 2009-08-10 05:39 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 12:46 . 2009-08-10 05:39 10960 ----a-w- c:\program files\EULA.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_09.15.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 14:03 . 2009-10-14 04:34 68558 c:\windows\system32\perfc009.dat
- 2004-08-12 14:03 . 2009-10-12 08:53 68558 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:03 . 2009-10-14 04:34 435828 c:\windows\system32\perfh009.dat
- 2004-08-12 14:03 . 2009-10-12 08:53 435828 c:\windows\system32\perfh009.dat
+ 2009-10-13 05:43 . 2009-10-13 05:42 149280 c:\windows\system32\javaws.exe
+ 2009-10-13 05:43 . 2009-10-13 05:42 145184 c:\windows\system32\javaw.exe
+ 2009-10-13 05:43 . 2009-10-13 05:42 145184 c:\windows\system32\java.exe
+ 2009-10-13 05:42 . 2009-10-13 05:42 537600 c:\windows\Installer\6fb8d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-13 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-30 1657376]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2009-01-30 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-11 07:19 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sulljoh1\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sulljoh1\\source sdk base\\hl2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Codemasters\\Overlord\\Overlord.exe"=
"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15043:TCP"= 15043:TCP:BitComet 15043 TCP
"15043:UDP"= 15043:UDP:BitComet 15043 UDP

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4/14/2009 4:19 PM 222456]
S2 gupdate1c9be9f4c4ca05c;Google Update Service (gupdate1c9be9f4c4ca05c);c:\program files\Google\Update\GoogleUpdate.exe [4/16/2009 9:26 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 14:25]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1844823847-725345543-1004Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-06 00:12]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1844823847-725345543-1004UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-06 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\j1cizrmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.whatthetech.com/WinFixer_woes_t107488.html&st=15
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\John\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 23:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1844823847-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:98,83,92,bc,bd,a4,1b,90,d7,8b,71,08,35,d6,44,ac,c0,9a,4f,d7,88,
10,33,be,78,3a,0f,54,ee,6a,27,80,1f,f4,52,24,2c,b4,69,fa,6b,fb,ce,c2,af,e2,\
"rkeysecu"=hex:5c,6a,b3,2c,b9,5a,0d,e2,88,50,3c,5d,3e,01,f6,0e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-10-14 23:46
ComboFix-quarantined-files.txt 2009-10-14 04:45
ComboFix2.txt 2009-10-13 15:20
ComboFix3.txt 2009-10-13 12:55
ComboFix4.txt 2009-10-13 05:15
ComboFix5.txt 2009-10-14 04:36

Pre-Run: 5,167,620,096 bytes free
Post-Run: 5,133,393,920 bytes free

195 --- E O F --- 2009-09-22 08:02

I ran DDS afterward and here are the 2 log files:

DDS:


DDS (Ver_09-10-12.01) - NTFSx86
Run by John at 23:50:22.98 on Tue 10/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1516 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\j1cizrmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.whatthetech.com/WinFixer_woes_t107488.html&st=15
FF - plugin: c:\documents and settings\john\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\john\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-4-14 222456]
S2 gupdate1c9be9f4c4ca05c;Google Update Service (gupdate1c9be9f4c4ca05c);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]

=============== Created Last 30 ================

2009-10-13 00:43 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-13 00:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-12 04:03 <DIR> a-dshr-- C:\cmdcons
2009-10-12 02:15 <DIR> --d-h--- c:\windows\PIF
2009-10-12 01:37 <DIR> --d----- c:\docume~1\john\applic~1\Malwarebytes
2009-10-12 01:37 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 01:37 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 01:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-12 01:28 236,544 a------- c:\windows\PEV.exe
2009-10-12 01:28 161,792 a------- c:\windows\SWREG.exe
2009-10-12 01:28 98,816 a------- c:\windows\sed.exe
2009-10-08 19:56 19 a------- c:\windows\system32\wwp.htm
2009-10-08 19:49 <DIR> --d----- c:\docume~1\john\applic~1\Pamela
2009-10-08 19:49 175,104 a------- c:\windows\system32\RemoteControl.dll
2009-10-08 19:49 <DIR> --d----- c:\program files\Pamela
2009-10-08 19:36 <DIR> --d----- c:\docume~1\john\applic~1\PrettyMay
2009-10-08 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrettyMay
2009-09-23 19:56 28,672 a------- c:\windows\system32\MsgHoo32.OCX
2009-09-23 19:56 238,080 a------- c:\windows\system32\fximg50g.ocx
2009-09-23 19:56 122,880 a------- c:\windows\system32\fxtls532.dll
2009-09-23 19:56 29,184 a------- c:\windows\system32\picn20.dll
2009-09-23 19:56 <DIR> --d----- c:\program files\Kap.GRETests
2009-09-23 19:56 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-09-21 11:42 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-18 19:54 39,583 a------- c:\windows\system32\nvwsapps.xml

==================== Find3M ====================

2009-09-30 01:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-09-22 09:44 60,096 a------- c:\windows\system32\nvModes.dat
2009-08-10 00:42 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 22:42 796,672 a------- c:\windows\GPInstall.exe
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 23:50:29.73 ===============
Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-12.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/12/2009 8:06:45 PM
System Uptime: 10/13/2009 11:29:14 PM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | Microprocessor | 1997/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 4.804 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/13/2009 12:02:23 AM - System Checkpoint
RP2: 10/13/2009 12:42:53 AM - Installed Java™ 6 Update 16

==== Installed Programs ======================

3dsmax ancillary install
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro 2.0
Adobe Reader 9.1.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AOTC - Revit Architecture 2008 Essentials
Apple Mobile Device Support
Apple Software Update
Arvoch Conflict
AutoCAD 2008 - English
Autodesk 3ds Max 9 32-bit
Autodesk Design Review 2009
Autodesk DWF Viewer 7
Backburner
BitComet 0.84
Bonjour
Conexant HDA D110 MDC V.92 Modem
Darwinia
Darwinia Demo2
Deep Space Nine The Fallen
Dell ResourceCD
Deutz Engine
FBX Plugin 2006.08 for Max 9.0
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Half-Life 2
Half-Life® 2
Harvest - Massive Encounter
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ICQ Toolbar
ICQ6.5
IrfanView (remove only)
iTunes
Java™ 6 Update 16
K-Lite Codec Pack 4.6.2 (Full)
Mahjong Escape Ancient Japan (remove only)
Mahjong Fortuna 2 Deluxe
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Maya Fluid Effects Screensaver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft VC80 Support DLLs
Microsoft Visual C++ 2005 Redistributable
Mixer
Mozilla Firefox (3.0.14)
MSXML 6.0 Parser
Multiwinia v1.3.0
Mythic Mahjong
NingPo MahJong Deluxe 1.04
NVIDIA Drivers
NVIDIA PhysX
Opera 9.63
Overlord - Raising Hell
Overlord II
Pamela Pro 4.5
PDF Settings
PDFCreator
PowerISO
QuickSet
QuickTime
Real Alternative 1.9.0
Revit Architecture 2009
Rhinoceros 4.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
SimCity 4 Deluxe
Skype™ 4.0
SlimDX Redistributable (March 2009)
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB Demo
Source SDK Base - Orange Box
Star Wars Empire at War
Stargate Empire at War
StargateTC2
Steam™
StickMen War 2.5
Strong Bad - Strong Bad Episode 5 - 8-Bit Is Enough
TextAloud
TJ-Beam
UltraCompare v6.10
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VBA (2627.01)
VideoLAN VLC media player 0.8.6c
Warlords Beta 0.45
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/9/2009 5:05:54 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\bovenage.dll. Reference error message: The operation completed successfully. .
10/9/2009 5:05:54 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\bovenage.dll" on line 8.
10/8/2009 7:57:14 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/8/2009 7:57:14 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/13/2009 7:43:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7034] - The Autodesk Licensing Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 12:03:22 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/13/2009 11:29:47 PM, error: Dhcp [1002] - The IP address lease 192.168.10.102 for the Network Card with network address 001CBF3215D6 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
10/13/2009 11:00:07 AM, error: NetBT [4321] - The name "J-7 :20" could not be registered on the Interface with IP address 192.168.10.102. The machine with the IP address 192.168.10.101 did not allow the name to be claimed by this machine.
10/12/2009 4:13:51 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ISASDK\0000 disappeared from the system without first being prepared for removal.
10/12/2009 3:59:52 AM, error: NetBT [4321] - The name "J-7 :0" could not be registered on the Interface with IP address 192.168.10.102. The machine with the IP address 192.168.10.101 did not allow the name to be claimed by this machine.
10/12/2009 3:11:25 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/12/2009 12:17:12 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/12/2009 12:17:10 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
10/12/2009 12:17:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/12/2009 12:17:10 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:13 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Time service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Security Center service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secondary Logon service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Link Tracking Client service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CryptSvc service to connect.
10/12/2009 1:59:08 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:59:08 AM, error: Service Control Manager [7000] - The AntiPol service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 1:59:07 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/12/2009 1:35:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
10/12/2009 1:35:26 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:31:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/12/2009 1:31:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
10/12/2009 1:31:33 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:28:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Restore Service service to connect.
10/12/2009 1:28:54 AM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 1:11:17 AM, error: Service Control Manager [7034] - The AntiPol service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:52 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:51 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/10/2009 5:34:51 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The mental ray 3.5 Satellite (32-bit) service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:50 AM, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:34:50 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
10/10/2009 5:34:50 AM, error: Service Control Manager [7022] - The NVIDIA Display Driver Service service hung on starting.
10/10/2009 5:33:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
10/10/2009 5:33:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
10/10/2009 5:33:26 AM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2009 5:33:26 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2009 3:38:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/10/2009 11:13:16 PM, error: NetBT [4321] - The name "J-7 :20" could not be registered on the Interface with IP address 192.168.10.101. The machine with the IP address 192.168.10.102 did not allow the name to be claimed by this machine.
10/10/2009 11:13:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NICCONFIGSVC service to connect.
10/10/2009 11:13:14 PM, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2009 11:13:14 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A3C35F72-E30D-4904-A22E-3B1690F04622} because another computer on the network has the same name. The server could not start.

==== End Of File ===========================

#25 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 14 October 2009 - 02:59 AM

Hi,

Your logs are clean; time to do some housekeeping now.

Please do the following:

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Right click and delete any remaining logs and the DDS and GMER programs from your desktop.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
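As an added example (not part of CatByte's post, and not a Microsoft tool), the following PowerShell reads the same Internet zone settings that the Inetcpl.cpl steps above change and reports whether each one is at the recommended level. It assumes the documented zone registry layout (zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable) and a user-scope configuration, i.e. no Group Policy forcing machine-wide (HKLM-only) zone settings.

```powershell
# Added example: audit the Internet zone ActiveX settings recommended above.
# Read-only; it changes nothing. Assumes the documented zone registry layout:
# zone 3 = Internet, value 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: if Group Policy sets Security_HKLM_only, the HKLM copy of this key
# is the effective one and the HKCU values read here are ignored by IE.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Setting name -> registry value name and the level the post recommends.
$Recommended = @(
    @{ Name = 'Download signed ActiveX controls';                          Value = '1001'; Want = 1 }
    @{ Name = 'Download unsigned ActiveX controls';                        Value = '1004'; Want = 1 }
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = '1201'; Want = 3 }
)

$Levels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZoneActiveX {
    [CmdletBinding()]
    param([string]$Path = $ZoneKey)

    if (-not (Test-Path $Path)) {
        throw "Zone key not found: $Path (Internet Explorer has not been run by this user?)"
    }
    $zone = Get-ItemProperty -Path $Path

    foreach ($setting in $Recommended) {
        $current = $zone.($setting.Value)

        # A missing value means IE falls back to the zone template default,
        # so treat it conservatively as not compliant with the explicit level.
        if ($null -eq $current) {
            $label = 'not set'
            $ok = $false
        } elseif ($Levels.ContainsKey([int]$current)) {
            $label = $Levels[[int]$current]
            $ok = ([int]$current -eq $setting.Want)
        } else {
            $label = "unknown($current)"
            $ok = $false
        }

        [pscustomobject]@{
            Setting     = $setting.Name
            Current     = $label
            Recommended = $Levels[$setting.Want]
            Compliant   = $ok
        }
    }
}

$results = Test-IeInternetZoneActiveX
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Compliant }) {
    Write-Warning 'One or more ActiveX settings are weaker than recommended; fix them in Inetcpl.cpl > Security > Custom level.'
}
```

Run it again after applying the Custom level changes and all three rows should report Compliant = True.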



#26 someguy

someguy

    Authentic Member

  • Authentic Member
  • PipPip
  • 60 posts

Posted 15 October 2009 - 12:19 AM

I have not seen any new problems. I have a copy of Norton 360, I believe Comcast provides McAfee as well, and of course AVG Free. Would you recommend one of these? Thank you very much for saving my computer. I'm hurting from the economic strain at the moment, but I can make a small donation to the site to help cover hosting costs or something if you'd like.

#27 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 15 October 2009 - 03:37 AM

Hi, choose whichever AV works the best with your system's configuration (only use one AV). I have no preference over the three you have listed. My help is free - just pass it forward. Stay safe :wavey: ~CB



#28 someguy

someguy

    Authentic Member

  • Authentic Member
  • PipPip
  • 60 posts

Posted 15 October 2009 - 10:37 PM

Strange. My screen is still flashing to black, even though the virus is gone and there is no screen saver active.

#29 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 16 October 2009 - 02:58 AM

Do you have standby mode selected at any time span? Check your settings. Choose a default screensaver, set it for 10 minutes, and see if it still does it outside of the standby mode settings.



#30 someguy

someguy

    Authentic Member

  • Authentic Member
  • PipPip
  • 60 posts

Posted 18 October 2009 - 03:31 PM

I had all the power settings like "Turn off monitor" set to "Never" and the screen saver is set to "None." Funny thing, after that last post the problem seems to have gone away.
