Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91982 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] All .EXE files locked - Believe The Cause Is "Security


  • This topic is locked This topic is locked
47 replies to this topic

#16 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 31 October 2009 - 03:46 AM

Hi,

The Java Addon in IE may be disabled.

Go to Tools > Internet Options > Advanced tab. Click Reset then OK and exit IE.

Re-open IE and ensure the Java add-ons are enabled.

Posted Image


If Kaspersky still will not run, please try the following scanner:


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#17 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 31 October 2009 - 09:13 PM

I did exactly what you told me to do and it said the same statement as before. I still don't understand why??? I can't run the Kaspersky Online Scan.

#18 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 November 2009 - 06:28 AM

Kaspersky can be finicky at times. It's not uncommon. Please run the ESET scan. Thanks

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#19 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 02 November 2009 - 01:08 PM

ESET SCAN LOG C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudXPAntivirus.zip Win32/Bagle.gen.zip worm C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix.exe multiple threats C:\Documents and Settings\HP_Owner\Desktop\40409522\40409522.exe a variant of Win32/Kryptik.ARV trojan C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\Process.exe Win32/PrcView application C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe Win32/Toolbar.AskSBar application C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application C:\WINDOWS\system32\bsdevice.dll a variant of Win32/Induc.A virus D:\I386\Apps\APP30992\src\HPSummer2005.exe a variant of Win32/AdInstaller application

#20 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 02 November 2009 - 02:35 PM

Hi,

Please do the following:

  • Go to Start->Run and type in notepad and hit OK.
  • Then copy and paste the content of the following codebox into Notepad:

    @echo off
    if exist results.txt del results.txt
    FOR %%H IN (
    "C:\Documents and Settings\HP_Owner\Desktop\40409522\40409522.exe "
    "C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe "
    "C:\WINDOWS\system32\bsdevice.dll "
    ) DO (
    attrib -r -h -s %%H
    del /q /f %%H >> results.txt 2>>&1
    )
    start notepad results.txt
    del %0
  • Save the file to your DESKTOP as "find.bat". Make sure to save it with the quotes.
  • Once saved, the icon to click should look like this on your desktop:

    Posted Image
  • Double click find.bat. to run it. A small black box should open and close - this is normal.
  • Post results.txt


NEXT


Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#21 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 02 November 2009 - 11:33 PM

After the "find.bat" file was clicked on desktop: here are the results Could Not Find C:\Documents and Settings\HP_Owner\Desktop\40409522\40409522.exe Could Not Find C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe Could Not Find C:\WINDOWS\system32\bsdevice.dll What is a DDS? I'm sorry... I know you're helping others... I just don't know what DDS stands for?

#22 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 03 November 2009 - 03:48 AM

My apologies,
I thought you had this program initially.

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


and please run the .bat file again, there was a small syntax error in the one above. Thank-you.

  • Go to Start->Run and type in notepad and hit OK.
  • Then copy and paste the content of the following codebox into Notepad:

    @echo off
    if exist results.txt del results.txt
    FOR %%H IN (
    "C:\Documents and Settings\HP_Owner\Desktop\40409522\40409522.exe"
    "C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe"
    "C:\WINDOWS\system32\bsdevice.dll"
    ) DO (
    attrib -r -h -s %%H
    del /q /f %%H >> results.txt 2>>&1
    )
    start notepad results.txt
    del %0
  • Save the file to your DESKTOP as "find.bat". Make sure to save it with the quotes.
  • Once saved, the icon to click should look like this on your desktop:

    Posted Image
  • Double click find.bat. to run it. A small black box should open and close - this is normal.
  • Post results.txt

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#23 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 04 November 2009 - 12:31 PM

DDS Report


DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Owner at 13:29:06.96 on Wed 11/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1504 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189652665921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189652621625
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-1-9 30720]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-7-22 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-22 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-8-19 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [2008-4-29 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [2008-4-29 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [2008-4-29 30720]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\google\update\GoogleUpdate.exe [2008-8-13 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [2006-5-31 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-11-15 572416]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-11-02 15:45:12 0 d-----w- c:\program files\ESET
2009-10-30 22:50:19 77312 ----a-w- c:\windows\MBR.exe
2009-10-30 22:50:19 236544 ----a-w- c:\windows\PEV.exe
2009-10-07 18:29:47 69 ----a-w- C:\kl2log.htm

==================== Find3M ====================

2009-10-01 05:33:45 406 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 22:35:13 47360 ----a-w- c:\docume~1\hp_owner\applic~1\pcouffin.sys
2009-08-19 22:24:55 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:20:23 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20:23 1046464 ----a-w- c:\windows\system32\anydialog.dll
2009-07-20 17:31:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:29:15.07 ===============



Attach Report

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/8/2005 6:35:59 PM
System Uptime: 11/4/2009 11:01:02 AM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | LITHIUM
Processor: Intel® Pentium® D CPU 3.20GHz | Socket 775 | 3200/200mhz
Processor: Intel® Pentium® D CPU 3.20GHz | Socket 775 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 458 GiB total, 344.249 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.161 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Airlink101 Wireless PCI Adapter
Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_3C8D1948&REV_00\4&1AF1648C&0&30F0
Manufacturer: Airlink
Name: Airlink101 Wireless PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_3C8D1948&REV_00\4&1AF1648C&0&30F0
Service: RT80x86

==== System Restore Points ===================

RP427: 8/6/2009 3:15:01 PM - System Checkpoint
RP428: 8/7/2009 5:29:46 PM - System Checkpoint
RP429: 8/9/2009 10:05:12 PM - System Checkpoint
RP430: 8/10/2009 11:42:14 PM - System Checkpoint
RP431: 8/13/2009 12:15:57 AM - System Checkpoint
RP432: 8/14/2009 12:33:22 AM - System Checkpoint
RP433: 8/15/2009 12:56:21 AM - System Checkpoint
RP434: 8/17/2009 2:25:56 PM - System Checkpoint
RP435: 8/18/2009 2:30:37 PM - System Checkpoint
RP436: 8/19/2009 2:58:58 PM - System Checkpoint
RP437: 8/20/2009 5:08:46 PM - System Checkpoint
RP438: 8/21/2009 7:37:38 PM - System Checkpoint
RP439: 8/22/2009 10:32:55 PM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP440: 8/24/2009 1:51:03 PM - System Checkpoint
RP441: 8/25/2009 11:35:18 PM - System Checkpoint
RP442: 8/28/2009 11:37:11 AM - System Checkpoint
RP443: 8/30/2009 12:09:34 AM - System Checkpoint
RP444: 8/31/2009 4:42:24 PM - System Checkpoint
RP445: 9/1/2009 11:24:55 PM - System Checkpoint
RP446: 9/4/2009 12:01:11 PM - System Checkpoint
RP447: 9/5/2009 11:02:56 PM - System Checkpoint
RP448: 9/7/2009 6:13:38 PM - System Checkpoint
RP449: 9/9/2009 3:24:32 PM - System Checkpoint
RP450: 9/10/2009 11:13:01 PM - System Checkpoint
RP451: 9/12/2009 11:17:41 PM - System Checkpoint
RP452: 9/13/2009 11:44:25 PM - System Checkpoint
RP453: 9/14/2009 4:23:36 PM - Installed Airlink101 WLAN Monitor
RP454: 9/14/2009 5:08:33 PM - Configured Airlink101 WLAN Monitor
RP455: 9/16/2009 11:19:34 AM - System Checkpoint
RP456: 9/18/2009 11:46:51 AM - System Checkpoint
RP457: 9/19/2009 8:17:27 PM - System Checkpoint
RP458: 9/21/2009 4:18:34 PM - System Checkpoint
RP459: 9/23/2009 11:43:38 AM - System Checkpoint
RP460: 9/25/2009 12:56:26 PM - System Checkpoint
RP461: 9/26/2009 8:22:27 PM - System Checkpoint
RP462: 9/27/2009 10:58:19 PM - System Checkpoint
RP463: 9/30/2009 11:47:55 AM - System Checkpoint
RP464: 10/2/2009 12:05:41 PM - System Checkpoint
RP465: 10/7/2009 1:28:08 PM - System Checkpoint
RP466: 10/9/2009 1:09:26 AM - System Checkpoint
RP467: 10/10/2009 8:30:42 PM - System Checkpoint
RP468: 10/12/2009 12:07:31 AM - System Checkpoint
RP469: 10/14/2009 5:10:42 PM - System Checkpoint
RP470: 10/16/2009 1:09:20 PM - System Checkpoint
RP471: 10/19/2009 12:09:29 PM - System Checkpoint
RP472: 10/20/2009 11:35:54 PM - System Checkpoint
RP473: 10/23/2009 11:28:52 AM - System Checkpoint
RP474: 10/24/2009 11:30:54 PM - System Checkpoint
RP475: 10/26/2009 4:20:07 PM - System Checkpoint
RP476: 10/28/2009 12:00:46 PM - System Checkpoint
RP477: 10/30/2009 5:24:16 PM - System Checkpoint
RP478: 11/2/2009 2:02:33 PM - System Checkpoint
RP479: 11/4/2009 11:45:38 AM - System Checkpoint

==== Installed Programs ======================


3100_3200_3300_Help
3100_3200_3300trb
3300
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Advanced System Optimizer 2.10
AGEIA PhysX v2.3.3
Agere Systems PCI Soft Modem
AiO_Scan_CDA
AiOSoftwareNPI
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
ArmorIE Setup
AT&T Yahoo! Internet Mail
AVG Anti-Spyware 7.5
BroadJump Client Foundation
Brunswick Circuit Pro Bowling
BufferChm
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
Canon Digital Camera USB WIA Driver
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
ConvertXtoDVD 3.8.0.193d
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Creative MediaSource
Creative MediaSource 5
Creative MuVo N200 Media Explorer
CueTour
Desktop Doctor
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
DreamStation DXi2
EA Link
EA SPORTS online 2007
Easy Internet Sign-up
eMedia Card Designer
ESET Online Scanner v3
eSupportQFolder
Evolis Dualys3 version 10.0.10.2
Fax_CDA
FEAR
FullDPAppQFolder
GameShadow
GameTap
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
Ghost Recon Advanced Warfighter
Gift,The Prize Draw Software 6.0
Google Gears
Google Update Helper
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman Blood Money
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Driver Diagnostics
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Organize
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
ImgBurn
InstantShareDevices
Intel® PRO Network Connections Drivers
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
IrfanView (remove only)
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 11
Kaspersky Online Scanner
LightScribe 1.4.42.1
LimeWire PRO 4.12.3
Madden NFL 07
Madden NFL 2003
Malwarebytes' Anti-Malware
Memturbo™ 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Morpheus Ultra 5.3 (remove only)
Move Networks Media Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Music Creator Pro24 2004
muvee autoProducer 4.0
MuVo Driver
NavNet
Nero OEM
neroxml
NetZero Internet
NewCopy_CDA
NHL® 08
NHL® 2003
NHL07
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
Office 2003 Tour
Palm Desktop by ACCESS
PanoStandAlone
PatronPal 3.1
PC-Doctor 5 for Windows
PhotoGallery
Pinnacle Instant DVD Recorder
Power Voice II
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
Readme
RealPlayer
Registry Cleaner 4.0
SafeCast Shared Components
Salon Iris
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scan
ScannerCopy
Scarface: The World is Yours
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SimCity 3000
SkinsHP1
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sound Blaster Audigy 4
SoundSoap PE
Spybot - Search & Destroy
Status
Studio 11
Studio 11 Bonus DVD
Studio 11 Ultimate
Suite Specific
SUPERAntiSpyware Free Edition
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmiiper
TurboTax 2008 wrapper
TurboTax Deluxe 2002
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Updates from HP (remove only)
VCRedistSetup
Virtual Sound Canvas DXi
Vuze
Vuze Toolbar
Wal-Mart Music Downloads Store
WavePad Uninstall
WebFldrs XP
WebReg
WinAVI Video Capture 2.0
WinAVIVideoConverter
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
XML Paper Specification Shared Components Pack 1.0
Yahoo! Desktop Login
Yahoo! Install Manager
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/2/2009 11:31:23 AM, error: Service Control Manager [7034] - The MSSQLSERVER service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 11:31:23 AM, error: Service Control Manager [7022] - The MSSQLSERVER service hung on starting.
10/30/2009 6:58:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/30/2009 6:50:43 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/30/2009 6:50:43 PM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
10/30/2009 6:50:43 PM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
10/30/2009 6:37:29 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

==== End Of File ===========================

#24 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 04 November 2009 - 12:33 PM

Find Bat Log Could Not Find C:\Documents and Settings\HP_Owner\Desktop\40409522\40409522.exe Could Not Find C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe Could Not Find C:\WINDOWS\system32\bsdevice.dll

#25 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 04 November 2009 - 12:45 PM

I'm also getting an error message when I start up my computer. A box pops up and says: SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance of the invocation of sqlservr.exe. If you believe that your installation is corrupt or has been tampered with uninstall then re-run setup to correct this problem.

    Advertisements

Register to Remove


#26 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 04 November 2009 - 05:34 PM

Hi,

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.2)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

NEXT

advise if there is a folder titled 40409522 on your desktop. If there is > right click and delete it.

As for the SQL Server, you may need to uninstall and reinstall that program, however, you may wish to start a new topic in our software forum and have our expert techs take a look at it for you and advise, as I'm not overly familiar with that program.

We need to clean up our tools now ans the rest of your logs are clean.

Please do the following:

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image




NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Note: If there are any other tools / logs remaining on your desktop after running this program > right click and delete them.


NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox, IE and chrome.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#27 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 10:47 AM

Something happened?? I don't know if my computer was totally cleared out from the adware??? There seems to be something running in the background? Malware Log Malwarebytes' Anti-Malware 1.41 Database version: 3064 Windows 5.1.2600 Service Pack 2 11/6/2009 11:46:52 AM mbam-log-2009-11-06 (11-46-52).txt Scan type: Quick Scan Objects scanned: 110472 Time elapsed: 4 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\drivers\84b782b3.sys (Rootkit.Rustock) -> Delete on reboot.

#28 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 11:00 AM

Hi-Jack File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:18 AM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard-2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHO - {b6d223f6-c185-49a2-ba7e-a03e84744702} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ratxsugh] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ratxsugh] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://bestbuy.mvm.c...yerAX_Win32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189652665921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189652621625
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c8fdb016204386) (gupdate1c8fdb016204386) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12314 bytes

#29 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 11:13 AM

Combo Fix Report

ComboFix 09-10-30.01 - HP_Owner 11/06/2009 12:07.7.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1519 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0727870580-5714808428-696450580-7604
c:\recycler\S-1-5-21-0727870580-5714808428-696450580-7604\Desktop.ini
c:\recycler\S-1-5-21-2111902188-3027042487-216305540-3185
c:\recycler\S-1-5-21-2111902188-3027042487-216305540-3185\Desktop.ini
c:\windows\system32\iehelper.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP479\A0097882.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-06 16:04 . 2009-11-06 16:04 18944 ----a-w- C:\rycbgcq.exe
2009-11-06 16:04 . 2009-11-06 16:04 91648 ----a-w- C:\cmxmwfg.exe
2009-11-06 16:04 . 2009-11-06 16:04 197674 ----a-w- C:\wrjcmwbu.exe
2009-11-06 16:04 . 2009-11-06 17:09 93952 ----a-w- c:\windows\system32\drivers\84b782b3.sys
2009-11-06 16:03 . 2009-11-06 16:03 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx
2009-11-06 16:03 . 2009-11-06 16:04 197674 ----a-w- C:\ilywlxxf.exe
2009-11-06 16:03 . 2009-11-06 16:03 91648 ----a-w- C:\txgbaxl.exe
2009-11-06 16:03 . 2009-11-06 16:03 8192 ----a-w- C:\isllv.exe
2009-11-02 15:45 . 2009-11-02 15:45 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\1B.tmp
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\1A.tmp
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\19.tmp
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\18.tmp
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\17.tmp
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\16.tmp
2009-11-06 16:52 . 2009-11-06 16:52 0 ----a-w- C:\15.tmp
2009-11-06 16:51 . 2009-11-06 16:51 0 ----a-w- C:\14.tmp
2009-11-06 16:51 . 2009-11-06 16:51 0 ----a-w- C:\13.tmp
2009-11-06 16:50 . 2009-11-06 16:50 0 ----a-w- C:\9.tmp
2009-11-06 16:50 . 2009-11-06 16:50 0 ----a-w- C:\8.tmp
2009-11-06 16:50 . 2009-11-06 16:50 0 ----a-w- C:\7.tmp
2009-11-06 16:29 . 2008-09-25 10:09 -------- d-----w- c:\program files\NavNet
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\12.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\11.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\10.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\F.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\E.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\D.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\C.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\B.tmp
2009-11-06 16:21 . 2009-11-06 16:21 0 ----a-w- C:\A.tmp
2009-11-06 16:18 . 2009-11-06 16:18 0 ----a-w- C:\6.tmp
2009-11-06 16:18 . 2009-11-06 16:18 0 ----a-w- C:\5.tmp
2009-11-06 16:18 . 2009-11-06 16:18 0 ----a-w- C:\3.tmp
2009-11-06 16:05 . 2004-08-04 05:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-11-04 19:41 . 2006-01-31 11:42 406 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-11-04 15:57 . 2005-11-23 01:43 -------- d-----w- c:\program files\Google
2009-11-03 05:30 . 2005-12-09 00:40 -------- d-----w- c:\program files\Morpheus Ultra
2009-10-30 15:27 . 2008-03-20 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 21:08 . 2005-11-23 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 18:54 . 2008-11-22 18:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-25 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:25 . 2009-08-19 22:20 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-19 22:24 . 2009-08-19 22:20 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:20 . 2009-08-19 22:20 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20 . 2009-08-19 22:20 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-19 22:20 . 2009-08-19 22:20 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-19 22:20 . 2009-08-19 22:20 1046464 ----a-w- c:\windows\system32\anydialog.dll
.

------- Sigcheck -------

[-] 2009-11-06 16:05 . EEA1C8D5A153DBD2A9E7C90CD644C47E . 212480 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-11-06 16:05 . EEA1C8D5A153DBD2A9E7C90CD644C47E . 212480 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\erdnt\cache\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-10-30_23.01.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 16:49 . 2009-11-06 16:49 16384 c:\windows\Temp\Perflib_Perfdata_c4c.dat
- 2005-06-24 22:43 . 2009-10-30 22:42 97170 c:\windows\system32\perfc009.dat
+ 2005-06-24 22:43 . 2009-11-06 16:54 97170 c:\windows\system32\perfc009.dat
+ 2009-11-04 15:57 . 2009-11-04 15:57 47104 c:\windows\Installer\332c71.msi
+ 2009-11-02 15:51 . 2009-11-02 15:51 22528 c:\windows\Installer\14eb7d.msi
- 2007-06-10 11:26 . 2007-06-10 11:26 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2005-12-09 01:39 . 2007-06-10 11:26 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2005-12-09 01:39 . 2009-11-02 19:07 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2005-06-24 22:43 . 2009-10-30 22:42 507834 c:\windows\system32\perfh009.dat
+ 2005-06-24 22:43 . 2009-11-06 16:54 507834 c:\windows\system32\perfh009.dat
- 2007-06-10 11:26 . 2007-06-10 11:26 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-06-10 11:26 . 2007-06-10 11:26 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-06-10 11:26 . 2009-11-02 19:07 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ratxsugh"="c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe" [2009-11-06 251136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"ratxsugh"="c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe" [2009-11-06 251136]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-22 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 14:12 258048 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^..]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\mainapp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 2:09 PM 30720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/22/2009 2:38 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/22/2009 2:38 AM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/19/2009 5:20 PM 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [4/29/2008 5:37 PM 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [4/29/2008 5:37 PM 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [4/29/2008 5:37 PM 30720]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2008 8:50 PM 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [5/31/2006 11:49 AM 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 8:18 PM 572416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - classpnp_2
*NewlyCreated* - pciidex_2
*Deregistered* - classpnp_2
*Deregistered* - mbr
*Deregistered* - pciidex_2
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{b6d223f6-c185-49a2-ba7e-a03e84744702} - c:\windows\system32\iehelper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 12:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\84b782b3]
"ImagePath"="\SystemRoot\System32\drivers\84b782b3.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-11-06 12:11
ComboFix-quarantined-files.txt 2009-11-06 17:11
ComboFix2.txt 2009-10-30 23:10
ComboFix3.txt 2008-12-04 05:09
ComboFix4.txt 2008-12-01 08:34
ComboFix5.txt 2009-11-06 17:06

Pre-Run: 369,647,489,024 bytes free
Post-Run: 369,635,213,312 bytes free

- - End Of File - - 13C89C078FEEE458FF6382F98AA848C0

#30 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 06 November 2009 - 11:34 AM

Hi,

Yes it does appear as though you are reinfected.

Please do the following: (if you haven't already done so > delete the copy of ComboFix from your desktop > download a fresh copy)

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users