Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91804 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] All .EXE files locked - Believe The Cause Is "Security


  • This topic is locked This topic is locked
47 replies to this topic

#31 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 11:45 AM

I think we're good! Thanks again! =) You've been a big help! =) You may close the thread! :thumbup:

    Advertisements

Register to Remove


#32 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 November 2009 - 12:00 PM

Hi, You may not be good, if you are reinfected there may be more work to do, please post the log from the updated combofix The logs you provided were from versions of the tools that have expired. We need to update the tools and run the scans once more

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#33 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 12:03 PM

don't close the thread. There is still something running in the background. I have used ComboFix and everything is fine... it removes the adware. When you power down the computer and start it back up... it's reappearing. Running in the background. My internet connection won't start up as quickly as usual... it's a 3 minute delay. I also noticed my computer is making humming noises... I would only imagine that means it's working harder than usual on a start up? There must be something else running in the background?

#34 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 November 2009 - 12:06 PM

Please download an updated ComboFix as instructed and post the log

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#35 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 12:24 PM

ComboFix 09-11-05.05 - HP_Owner 11/06/2009 13:05.8.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1525 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10.tmp
C:\11.tmp
C:\12.tmp
C:\13.tmp
C:\14.tmp
C:\15.tmp
C:\16.tmp
C:\17.tmp
C:\18.tmp
C:\19.tmp
C:\1A.tmp
C:\1B.tmp
C:\1C.tmp
C:\1D.tmp
C:\1E.tmp
C:\20.tmp
C:\21.tmp
C:\22.tmp
C:\23.tmp
C:\24.tmp
C:\25.tmp
C:\26.tmp
C:\27.tmp
C:\28.tmp
C:\29.tmp
C:\2A.tmp
C:\2E.tmp
C:\2F.tmp
C:\3.tmp
C:\30.tmp
C:\31.tmp
C:\32.tmp
C:\33.tmp
C:\34.tmp
C:\35.tmp
C:\36.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\7.tmp
C:\8.tmp
C:\9.tmp
C:\A.tmp
C:\B.tmp
C:\C.tmp
C:\D.tmp
C:\E.tmp
C:\F.tmp
c:\windows\system32\drivers\84b782b3.sys
c:\windows\system32\iehelper.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\windows\erdnt\cache\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_84b782b3


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 18:16 . 2009-11-06 18:16 12032 ----a-w- c:\windows\system32\iehelper.dll
2009-11-06 17:37 . 2009-11-06 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-06 16:04 . 2009-11-06 16:04 18944 ----a-w- C:\rycbgcq.exe
2009-11-06 16:04 . 2009-11-06 16:04 91648 ----a-w- C:\cmxmwfg.exe
2009-11-06 16:04 . 2009-11-06 16:04 197674 ----a-w- C:\wrjcmwbu.exe
2009-11-06 16:03 . 2009-11-06 16:03 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx
2009-11-06 16:03 . 2009-11-06 16:04 197674 ----a-w- C:\ilywlxxf.exe
2009-11-06 16:03 . 2009-11-06 16:03 91648 ----a-w- C:\txgbaxl.exe
2009-11-06 16:03 . 2009-11-06 16:03 8192 ----a-w- C:\isllv.exe
2009-11-02 15:45 . 2009-11-02 15:45 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 18:18 . 2009-11-06 18:18 0 ----a-w- C:\13.tmp
2009-11-06 18:18 . 2009-11-06 18:18 0 ----a-w- C:\12.tmp
2009-11-06 18:18 . 2009-11-06 18:18 0 ----a-w- C:\11.tmp
2009-11-06 18:18 . 2009-11-06 18:18 0 ----a-w- C:\10.tmp
2009-11-06 18:18 . 2009-11-06 18:18 0 ----a-w- C:\F.tmp
2009-11-06 18:17 . 2009-11-06 18:17 0 ----a-w- C:\E.tmp
2009-11-06 18:17 . 2009-11-06 18:17 0 ----a-w- C:\D.tmp
2009-11-06 18:17 . 2009-11-06 18:17 0 ----a-w- C:\C.tmp
2009-11-06 18:17 . 2009-11-06 18:17 0 ----a-w- C:\B.tmp
2009-11-06 17:37 . 2005-11-23 00:51 -------- d-----w- c:\program files\Java
2009-11-06 17:22 . 2005-11-23 01:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 16:29 . 2008-09-25 10:09 -------- d-----w- c:\program files\NavNet
2009-11-06 16:05 . 2004-08-04 05:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-11-04 19:41 . 2006-01-31 11:42 406 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-11-04 15:57 . 2005-11-23 01:43 -------- d-----w- c:\program files\Google
2009-11-03 05:30 . 2005-12-09 00:40 -------- d-----w- c:\program files\Morpheus Ultra
2009-10-30 15:27 . 2008-03-20 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 05:54 . 2008-06-25 19:49 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-14 21:08 . 2005-11-23 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 18:54 . 2008-11-22 18:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-25 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:25 . 2009-08-19 22:20 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-19 22:24 . 2009-08-19 22:20 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:20 . 2009-08-19 22:20 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20 . 2009-08-19 22:20 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-19 22:20 . 2009-08-19 22:20 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-19 22:20 . 2009-08-19 22:20 1046464 ----a-w- c:\windows\system32\anydialog.dll
.

------- Sigcheck -------

[-] 2009-11-06 . 558635D3AF1C7546D26067D5D9B6959E . 212480 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-11-06 . 558635D3AF1C7546D26067D5D9B6959E . 212480 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 . 558635D3AF1C7546D26067D5D9B6959E . 182656 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\erdnt\cache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6d223f6-c185-49a2-ba7e-a03e84744702}]
2009-11-06 18:16 12032 ----a-w- c:\windows\system32\iehelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ratxsugh"="c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe" [2009-11-06 251136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"ratxsugh"="c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe" [2009-11-06 251136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"combofix"="c:\combofix\CF29105.exe" [2009-11-06 388608]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-22 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 14:12 258048 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^..]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\mainapp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 2:09 PM 30720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/22/2009 2:38 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/22/2009 2:38 AM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/19/2009 5:20 PM 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [4/29/2008 5:37 PM 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [4/29/2008 5:37 PM 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [4/29/2008 5:37 PM 30720]
S1 84b782b3;84b782b3;c:\windows\system32\drivers\84b782b3.sys --> c:\windows\system32\drivers\84b782b3.sys [?]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2008 8:50 PM 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [5/31/2006 11:49 AM 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 8:18 PM 572416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A480500]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-06 13:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 18:23

Pre-Run: 371,682,406,400 bytes free
Post-Run: 371,564,777,472 bytes free

- - End Of File - - B9D3ABB0895DD20044639E5B6613E476

#36 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 November 2009 - 12:38 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/All_EXE_files_locked_Believe_Cause_Security_Tool_t107984.html&view=findpost&p=608614#entry608614

Collect::
c:\windows\system32\iehelper.dll
C:\rycbgcq.exe
C:\cmxmwfg.exe
C:\wrjcmwbu.exe
C:\ilywlxxf.exe
C:\txgbaxl.exe
C:\isllv.exe
C:\13.tmp
C:\12.tmp
C:\11.tmp
C:\10.tmp
C:\F.tmp
C:\E.tmp
C:\D.tmp
C:\C.tmp
C:\B.tmp
c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe
c:\windows\system32\drivers\84b782b3.sys 

KillAll::

Folder::
c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6d223f6-c185-49a2-ba7e-a03e84744702}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ratxsugh"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ratxsugh"=-

Driver::
84b782b3

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#37 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 06 November 2009 - 01:28 PM

ComboFix 09-11-05.05 - HP_Owner 11/06/2009 14:12.9.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1560 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

file zipped: C:\10.tmp
file zipped: C:\11.tmp
file zipped: C:\12.tmp
file zipped: C:\13.tmp
file zipped: C:\B.tmp
file zipped: C:\C.tmp
file zipped: C:\cmxmwfg.exe
file zipped: C:\D.tmp
file zipped: c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe
file zipped: C:\E.tmp
file zipped: C:\F.tmp
file zipped: C:\ilywlxxf.exe
file zipped: C:\isllv.exe
file zipped: C:\rycbgcq.exe
file zipped: C:\txgbaxl.exe
file zipped: c:\windows\system32\iehelper.dll
file zipped: C:\wrjcmwbu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10.tmp
C:\11.tmp
C:\12.tmp
C:\13.tmp
C:\B.tmp
C:\C.tmp
C:\cmxmwfg.exe
C:\D.tmp
c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx
c:\documents and settings\HP_Owner\Local Settings\Application Data\snecgx\sgnmsysguard.exe
C:\E.tmp
C:\F.tmp
C:\ilywlxxf.exe
C:\isllv.exe
C:\rycbgcq.exe
C:\txgbaxl.exe
c:\windows\system32\iehelper.dll
C:\wrjcmwbu.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 17:37 . 2009-11-06 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-02 15:45 . 2009-11-02 15:45 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\13.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\12.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\11.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\10.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\F.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\E.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\D.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\C.tmp
2009-11-06 19:21 . 2009-11-06 19:21 0 ----a-w- C:\B.tmp
2009-11-06 19:18 . 2009-11-06 19:18 0 ----a-w- C:\6.tmp
2009-11-06 19:18 . 2009-11-06 19:18 0 ----a-w- C:\5.tmp
2009-11-06 19:18 . 2009-11-06 19:18 0 ----a-w- C:\4.tmp
2009-11-06 17:37 . 2005-11-23 00:51 -------- d-----w- c:\program files\Java
2009-11-06 17:22 . 2005-11-23 01:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 16:29 . 2008-09-25 10:09 -------- d-----w- c:\program files\NavNet
2009-11-06 16:05 . 2004-08-04 05:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-11-04 19:41 . 2006-01-31 11:42 406 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-11-04 15:57 . 2005-11-23 01:43 -------- d-----w- c:\program files\Google
2009-11-03 05:30 . 2005-12-09 00:40 -------- d-----w- c:\program files\Morpheus Ultra
2009-10-30 15:27 . 2008-03-20 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 05:54 . 2008-06-25 19:49 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-14 21:08 . 2005-11-23 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 18:54 . 2008-11-22 18:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-25 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:25 . 2009-08-19 22:20 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-19 22:24 . 2009-08-19 22:20 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:20 . 2009-08-19 22:20 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20 . 2009-08-19 22:20 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-19 22:20 . 2009-08-19 22:20 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-19 22:20 . 2009-08-19 22:20 1046464 ----a-w- c:\windows\system32\anydialog.dll
.

------- Sigcheck -------

[-] 2009-11-06 . 558635D3AF1C7546D26067D5D9B6959E . 212480 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-11-06 . 558635D3AF1C7546D26067D5D9B6959E . 212480 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 . 558635D3AF1C7546D26067D5D9B6959E . 182656 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\erdnt\cache\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-06_18.16.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 19:18 . 2009-11-06 19:18 16384 c:\windows\temp\Perflib_Perfdata_9c.dat
+ 2009-11-06 19:18 . 2009-11-06 19:18 16384 c:\windows\temp\Perflib_Perfdata_284.dat
+ 2005-06-24 22:43 . 2009-11-06 18:19 97170 c:\windows\system32\perfc009.dat
- 2005-06-24 22:43 . 2009-11-06 18:01 97170 c:\windows\system32\perfc009.dat
+ 2005-06-24 22:43 . 2009-11-06 18:19 507834 c:\windows\system32\perfh009.dat
- 2005-06-24 22:43 . 2009-11-06 18:01 507834 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"combofix"="c:\combofix\CF5436.exe" [2009-11-06 388608]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-22 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 14:12 258048 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^..]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\mainapp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 2:09 PM 30720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/22/2009 2:38 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/22/2009 2:38 AM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/19/2009 5:20 PM 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [4/29/2008 5:37 PM 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [4/29/2008 5:37 PM 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [4/29/2008 5:37 PM 30720]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2008 8:50 PM 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [5/31/2006 11:49 AM 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 8:18 PM 572416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 14:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A49D500]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-06 14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 19:27
ComboFix2.txt 2009-11-06 18:23

Pre-Run: 371,536,740,352 bytes free
Post-Run: 371,534,082,048 bytes free

- - End Of File - - 2D011E4219AE6B16A853C12E4DD25F59

#38 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 November 2009 - 02:41 PM

Hi,

Still more to do,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\13.tmp
C:\12.tmp
C:\11.tmp
C:\10.tmp
C:\F.tmp
C:\E.tmp
C:\D.tmp
C:\C.tmp
C:\B.tmp
C:\6.tmp
C:\5.tmp
C:\4.tmp

FCopy::
c:\windows\erdnt\cache\ndis.sys | c:\windows\system32\drivers\ndis.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#39 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 08 November 2009 - 11:36 PM

ComboFix 09-11-08.03 - HP_Owner 11/09/2009 0:24.10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1499 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

FILE ::
"C:\10.tmp"
"C:\11.tmp"
"C:\12.tmp"
"C:\13.tmp"
"C:\4.tmp"
"C:\5.tmp"
"C:\6.tmp"
"C:\B.tmp"
"C:\C.tmp"
"C:\D.tmp"
"C:\E.tmp"
"C:\F.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10.tmp
C:\11.tmp
C:\12.tmp
C:\13.tmp
C:\14.tmp
C:\15.tmp
C:\16.tmp
C:\17.tmp
C:\18.tmp
C:\19.tmp
C:\1A.tmp
C:\1B.tmp
C:\1C.tmp
C:\4.tmp
C:\5.tmp
C:\6.tmp
C:\7.tmp
C:\9.tmp
C:\A.tmp
C:\B.tmp
C:\C.tmp
C:\D.tmp
C:\E.tmp
C:\F.tmp

.
--------------- FCopy ---------------

c:\windows\erdnt\cache\ndis.sys --> c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-08 03:49 . 2009-11-08 03:49 143976 ----a-w- c:\documents and settings\HP_Owner\Application Data\Move Networks\uninstall.exe
2009-11-06 17:37 . 2009-11-06 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-06 17:09 . 2004-08-04 05:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-02 15:45 . 2009-11-02 15:45 -------- d-----w- c:\program files\ESET
2009-10-15 00:50 . 2009-11-08 03:49 5642688 ----a-w- c:\documents and settings\HP_Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\HP_Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 04:03 . 2008-01-27 06:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Move Networks
2009-11-06 17:37 . 2005-11-23 00:51 -------- d-----w- c:\program files\Java
2009-11-06 17:22 . 2005-11-23 01:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 16:29 . 2008-09-25 10:09 -------- d-----w- c:\program files\NavNet
2009-11-04 19:41 . 2006-01-31 11:42 406 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-11-04 15:57 . 2005-11-23 01:43 -------- d-----w- c:\program files\Google
2009-11-03 05:30 . 2005-12-09 00:40 -------- d-----w- c:\program files\Morpheus Ultra
2009-10-30 15:27 . 2008-03-20 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 05:54 . 2008-06-25 19:49 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-14 21:08 . 2005-11-23 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 18:54 . 2008-11-22 18:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-25 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:35 . 2009-08-19 22:35 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2009-08-19 22:25 . 2009-08-19 22:20 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-19 22:24 . 2009-08-19 22:20 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:20 . 2009-08-19 22:20 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20 . 2009-08-19 22:20 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-19 22:20 . 2009-08-19 22:20 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-19 22:20 . 2009-08-19 22:20 1046464 ----a-w- c:\windows\system32\anydialog.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_18.16.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 00:17 . 2009-11-09 00:17 16384 c:\windows\temp\Perflib_Perfdata_a0.dat
+ 2009-11-09 00:17 . 2009-11-09 00:17 16384 c:\windows\temp\Perflib_Perfdata_410.dat
+ 2005-06-24 22:43 . 2009-11-09 00:22 97170 c:\windows\system32\perfc009.dat
- 2005-06-24 22:43 . 2009-11-06 18:01 97170 c:\windows\system32\perfc009.dat
+ 2005-06-24 22:43 . 2009-11-09 00:22 507834 c:\windows\system32\perfh009.dat
- 2005-06-24 22:43 . 2009-11-06 18:01 507834 c:\windows\system32\perfh009.dat
+ 2004-08-04 05:00 . 2004-08-04 05:00 182912 c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-22 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 14:12 258048 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^..]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Morpheus Ultra\\Morpheus.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 2003\\mainapp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 2:09 PM 30720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/22/2009 2:38 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/22/2009 2:38 AM 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/19/2009 5:20 PM 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [4/29/2008 5:37 PM 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [4/29/2008 5:37 PM 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [4/29/2008 5:37 PM 30720]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2008 8:50 PM 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [5/31/2006 11:49 AM 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 8:18 PM 572416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-14 21:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 00:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-11-09 0:34
ComboFix-quarantined-files.txt 2009-11-09 05:34
ComboFix2.txt 2009-11-06 19:27
ComboFix3.txt 2009-11-06 18:23

Pre-Run: 371,343,740,928 bytes free
Post-Run: 371,353,796,608 bytes free

- - End Of File - - 47352693108F0E5707ED3FBC52B97171

#40 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 09 November 2009 - 04:02 AM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC Now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#41 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 09 November 2009 - 10:59 PM

Malwarebytes' Anti-Malware 1.41 Database version: 3137 Windows 5.1.2600 Service Pack 2 11/9/2009 11:59:23 PM mbam-log-2009-11-09 (23-59-23).txt Scan type: Quick Scan Objects scanned: 114268 Time elapsed: 3 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#42 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 10 November 2009 - 06:16 AM

Panda Scan Results ;******************************************************************************* ********************************************************************************* ******************* ANALYSIS: 2009-11-10 07:15:05 PROTECTIONS: 0 MALWARE: 40 SUSPECTS: 7 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@trafficmp[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@casalemedia[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@atdmt[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@247realmedia[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@fastclick[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@mediaplex[1].txt 00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@www.myaffiliateprogram[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\9t8ng48w.default\cookies.txt[.com.com/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\9t8ng48w.default\cookies.txt[.xiti.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@statcounter[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@ad.yieldmanager[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@apmebf[2].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@burstnet[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@bs.serving-sys[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@www.burstbeacon[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@advertising[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@statse.webtrendslive[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@ads.pointroll[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@overture[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@realmedia[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@questionmarket[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@zedo[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@bluestreak[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@go[2].txt 00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registry cleaner 00213030 application/regclean32 HackTools No 0 Yes No c:\documents and settings\hp_owner\application data\registry cleaner 00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registryoptimizer.com 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\9t8ng48w.default\cookies.txt[.atwola.com/] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\documents and settings\hp_owner\cookies\hp_owner@atwola[1].txt 00629064 Generic Malware Virus/Trojan No 0 Yes No c:\tim\timnewcd\applications\morpheus30\morph20 00948556 W32/Protector.A Virus No 0 Yes No c:\qoobox\quarantine\c\windows\system32\drivers\ndis.sys.vir 00948556 W32/Protector.A Virus No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp486\a0099060.sys 00948556 W32/Protector.A Virus No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp486\a0099056.sys 01343147 Application/MyWay HackTools No 0 Yes No d:\i386\apps\app30992\src\hpsummer2005.exe 02279345 Adware/AntivirusSystemPro Adware No 0 Yes No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[iehelper.dll] 02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098544.sys 02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098711.sys 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[ilywlxxf.exe] 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098543.sys 03074964 Trj/CI.A Virus/Trojan No 0 No No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[wrjcmwbu.exe][install.exe] 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\drivers\84b782b3.sys.vir 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\drivers\_84b782b3_.sys.zip[84b782b3.sys] 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[wrjcmwbu.exe] 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\drivers\_84b782b3_.sys.zip[84b782b3.sys.1] 03074964 Trj/CI.A Virus/Trojan No 0 No No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[ilywlxxf.exe][install.exe] 03541233 HackTool/Rebooter HackTools No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098429.exe 03900910 Trj/Downloader.MDW Virus/Trojan No 1 Yes No c:\tim\timnewcd\applications\xcell\setup.exe 03930323 Trj/Rebooter.J Virus/Trojan No 0 Yes No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098422.exe 05564487 Trj/Buzus.AH Virus/Trojan No 1 Yes No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[cmxmwfg.exe] 05564487 Trj/Buzus.AH Virus/Trojan No 1 Yes No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[txgbaxl.exe] 05579495 Generic Trojan Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[rycbgcq.exe] ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================= =================== No c:\hp\recovery\wizard\swr_wizard.exe No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[sgnmsysguard.exe] No c:\qoobox\quarantine\[4]-submit_2009-11-06_14.11.57.zip[isllv.exe] No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098452.com No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098456.com No c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\rp484\a0098700.exe No c:\windows\wpdsvr.exe ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================= =================== 214076 HIGH MS09-059 971486 HIGH MS09-058 214074 HIGH MS09-057 214073 HIGH MS09-056 214072 HIGH MS09-055 214071 HIGH MS09-054 213109 HIGH MS09-046 212494 HIGH MS09-042 212493 HIGH MS09-041 212490 HIGH MS09-038 212530 HIGH MS09-034 211784 HIGH MS09-032 211781 HIGH MS09-029 210625 HIGH MS09-026 210624 HIGH MS09-025 210621 HIGH MS09-022 210618 HIGH MS09-019 208380 HIGH MS09-015 208379 HIGH MS09-014 208378 HIGH MS09-013 208377 HIGH MS09-012 206981 HIGH MS09-007 206980 HIGH MS09-006 205735 HIGH MS09-002 204670 HIGH MS09-001 203806 HIGH MS08-078 203508 HIGH MS08-073 203505 HIGH MS08-071 196455 MEDIUM MS08-037 194862 HIGH MS08-032 ;=============================================================================== ================================================================================= ===================

#43 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 10 November 2009 - 07:34 AM

Hi,

Just a couple of files there to delete, the rest are in quarantine or old restore points.

Please navigate to the following files > right click and delete them:

c:\tim\timnewcd\applications\morpheus30\morph20
c:\tim\timnewcd\applications\xcell\setup.exe

Now use TFC

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


NEXT

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#44 T.C.

T.C.

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 13 November 2009 - 01:23 AM

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Owner at 2:21:20.45 on Fri 11/13/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1516 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bestbuy.mvm.com/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189652665921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189652621625
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {cafeefac-0016-0000-0017-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-10 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-1-9 30720]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-7-22 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-22 234888]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-8-19 66944]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [2008-4-29 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [2008-4-29 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [2008-4-29 30720]
S2 gupdate1c8fdb016204386;Google Update Service (gupdate1c8fdb016204386);c:\program files\google\update\GoogleUpdate.exe [2008-8-13 133104]
S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\drivers\CenixFMC.sys [2006-5-31 18660]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-11-15 572416]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-11-10 05:01:50 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-10 05:01:45 0 d-----w- c:\program files\Panda Security
2009-11-06 18:04:12 98816 ----a-w- c:\windows\sed.exe
2009-11-06 18:04:12 77312 ----a-w- c:\windows\MBR.exe
2009-11-06 18:04:12 267264 ----a-w- c:\windows\PEV.exe
2009-11-06 18:04:12 161792 ----a-w- c:\windows\SWREG.exe
2009-11-06 17:37:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-06 17:37:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 17:09:05 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-06 17:09:05 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-06 16:03:35 0 --sha-w- C:\1872244670
2009-11-02 15:45:12 0 d-----w- c:\program files\ESET

==================== Find3M ====================

2009-11-04 19:41:52 406 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2009-08-19 22:35:13 47360 ----a-w- c:\docume~1\hp_owner\applic~1\pcouffin.sys
2009-08-19 22:24:55 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-19 22:20:23 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-19 22:20:23 1046464 ----a-w- c:\windows\system32\anydialog.dll

============= FINISH: 2:21:47.71 ===============







DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/8/2005 6:35:59 PM
System Uptime: 11/13/2009 2:16:46 AM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | LITHIUM
Processor: Intel® Pentium® D CPU 3.20GHz | Socket 775 | 3200/200mhz
Processor: Intel® Pentium® D CPU 3.20GHz | Socket 775 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 458 GiB total, 345.725 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.161 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Airlink101 Wireless PCI Adapter
Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_3C8D1948&REV_00\4&1AF1648C&0&30F0
Manufacturer: Airlink
Name: Airlink101 Wireless PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_3C8D1948&REV_00\4&1AF1648C&0&30F0
Service: RT80x86

==== System Restore Points ===================

RP484: 11/6/2009 1:44:13 PM - System Checkpoint
RP485: 11/7/2009 9:58:12 PM - System Checkpoint
RP486: 11/8/2009 9:40:14 PM - System Checkpoint
RP487: 11/9/2009 10:33:09 PM - System Checkpoint
RP488: 11/11/2009 12:48:27 PM - System Checkpoint
RP489: 11/12/2009 6:49:40 PM - System Checkpoint

==== Installed Programs ======================


3100_3200_3300_Help
3100_3200_3300trb
3300
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Advanced System Optimizer 2.10
AGEIA PhysX v2.3.3
Agere Systems PCI Soft Modem
AiO_Scan_CDA
AiOSoftwareNPI
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
ArmorIE Setup
AT&T Yahoo! Internet Mail
AVG Anti-Spyware 7.5
BroadJump Client Foundation
Brunswick Circuit Pro Bowling
BufferChm
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
Canon Digital Camera USB WIA Driver
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
ConvertXtoDVD 3.8.0.193d
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Creative MediaSource
Creative MediaSource 5
Creative MuVo N200 Media Explorer
CueTour
Desktop Doctor
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
DreamStation DXi2
EA Link
EA SPORTS online 2007
Easy Internet Sign-up
eMedia Card Designer
ESET Online Scanner v3
eSupportQFolder
Evolis Dualys3 version 10.0.10.2
Fax_CDA
FEAR
FullDPAppQFolder
GameShadow
GameTap
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
Ghost Recon Advanced Warfighter
Gift,The Prize Draw Software 6.0
Google Gears
Google Update Helper
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman Blood Money
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Driver Diagnostics
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Organize
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
ImgBurn
InstantShareDevices
Intel® PRO Network Connections Drivers
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
IrfanView (remove only)
ItsDeductible Express
iTunes
Java™ 6 Update 17
Kaspersky Online Scanner
LightScribe 1.4.42.1
LimeWire PRO 4.12.3
Madden NFL 07
Madden NFL 2003
Malwarebytes' Anti-Malware
Memturbo™ 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Morpheus Ultra 5.3 (remove only)
Move Media Player
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Music Creator Pro24 2004
muvee autoProducer 4.0
MuVo Driver
NavNet
Nero OEM
neroxml
NetZero Internet
NewCopy_CDA
NHL® 08
NHL® 2003
NHL07
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
Office 2003 Tour
Palm Desktop by ACCESS
Panda ActiveScan 2.0
PanoStandAlone
PatronPal 3.1
PC-Doctor 5 for Windows
PhotoGallery
Pinnacle Instant DVD Recorder
Power Voice II
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
Readme
RealPlayer
Registry Cleaner 4.0
SafeCast Shared Components
Salon Iris
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scan
ScannerCopy
Scarface: The World is Yours
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SimCity 3000
SkinsHP1
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sound Blaster Audigy 4
SoundSoap PE
Spybot - Search & Destroy
Status
Studio 11
Studio 11 Bonus DVD
Studio 11 Ultimate
Suite Specific
SUPERAntiSpyware Free Edition
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmiiper
TurboTax 2008 wrapper
TurboTax Deluxe 2002
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Updates from HP (remove only)
VCRedistSetup
Virtual Sound Canvas DXi
Vuze
Vuze Toolbar
Wal-Mart Music Downloads Store
WavePad Uninstall
WebFldrs XP
WebReg
WinAVI Video Capture 2.0
WinAVIVideoConverter
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
XML Paper Specification Shared Components Pack 1.0
Yahoo! Desktop Login
Yahoo! Install Manager
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:50 AM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2009 2:11:49 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:49 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:49 AM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:49 AM, error: Service Control Manager [7034] - The AVG Anti-Spyware Guard service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:49 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
11/13/2009 2:11:49 AM, error: Service Control Manager [7031] - The ASKUpgrade service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2009 2:11:49 AM, error: Service Control Manager [7031] - The ASKService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2009 12:00:55 PM, error: Service Control Manager [7034] - The MSSQLSERVER service terminated unexpectedly. It has done this 1 time(s).
11/12/2009 11:57:58 AM, error: Service Control Manager [7022] - The MSSQLSERVER service hung on starting.

==== End Of File ===========================

#45 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 13 November 2009 - 06:05 AM

Hi,

One file to delete then you are good to go.

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q \"C:\\1872244670\"


NEXT


  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


Posted Image


Now follow the previous recommendations provided.

Hopefully, things should be good this time :)

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users