
[Resolved] Clock keeps resetting to 12 April 2016!


This topic is locked. 141 replies to this topic.

#91 noahdfear (Silver Member, Visiting Fellow, MVP, 465 posts)
Posted 14 November 2009 - 05:43 PM

McAfee can be a real PITA when trying to run some of our tools. It might prove to be a big help if you could uninstall it and reboot, then try running ComboFix again. If you purchased McAfee, you'll need to make sure you have saved the license number for it to re-install/re-activate.
Dave



#92 sdabbs (Authentic Member, 97 posts)
Posted 14 November 2009 - 07:04 PM

I switched McAfee off and ran ComboFix again, it installed Microsoft Recovery Console and got to stage 51 (in the command prompt) but then it switched off, McAfee came on again and said that adware needed to be blocked. Does ComboFix usually close like that? I rebooted (as the only thing I could bring up on the screen was Task Manager), before it logged on I had a Windows screen saying something about having a dirty hard drive. When it logged on My Documents opened up by itself (it has done that a few times now) and Internet suddenly closed without warning. Do I need to run ComboFix again? (I shall de-install McAfee this time)

#93 noahdfear (Silver Member, Visiting Fellow, MVP, 465 posts)
Posted 14 November 2009 - 07:08 PM

Yes, please uninstall McAfee and run ComboFix again.
Dave

#94 sdabbs (Authentic Member, 97 posts)
Posted 15 November 2009 - 07:17 AM

Hi, I un-installed McAfee, but each time I click on ComboFix now it doesn't seem to do anything (it shows ComboFix loading and then says that Windows cannot open the file nircmd.cfxxxe - 3 times)

#95 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)
Posted 15 November 2009 - 07:20 AM

Delete the Combofix icon from your desktop.

Redownload Combofix from any of the links below, to your desktop.

Link 1
Link 2

Run Combofix.exe, and post the log produced.
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#96 sdabbs (Authentic Member, 97 posts)
Posted 15 November 2009 - 09:39 AM

Hi, I reloaded ComboFix but it is still saying that Windows cannot open the file nircmd.cfxxxe, and then it doesn't do anything.

#97 noahdfear (Silver Member, Visiting Fellow, MVP, 465 posts)
Posted 15 November 2009 - 09:51 AM

Please click Start>Run, type cmd then hit Enter to open a command window.
Highlight and copy the contents of the code box below then right click in the command window and select Paste.

rem pasted into a window opened via Start > Run > cmd, which starts in the user profile folder
cd desktop
rem write a plain listing of the root of drive C: to look.txt on the desktop
dir C:\ >look.txt
rem open the listing in Notepad so its contents can be copied into a reply
start notepad look.txt
exit
cls

The command window will close on its own and look.txt will open.
Please post its contents.
Dave

#98 noahdfear (Silver Member, Visiting Fellow, MVP, 465 posts)
Posted 15 November 2009 - 09:52 AM

Additionally, see if DDS will run.
If so, please post its log.
Dave

#99 sdabbs (Authentic Member, 97 posts)
Posted 15 November 2009 - 10:05 AM

Volume in drive C has no label.
Volume Serial Number is 1403-B6F1

Directory of C:\

06/09/2009 08:14 <DIR> 27cf9aafd246da765515df490b253e11
16/11/2009 03:13 <DIR> 32788R22FWJFW
14/07/2008 21:42 0 AdobeDebug.txt
09/05/2008 19:30 <DIR> Apex
16/08/2005 03:43 0 AUTOEXEC.BAT
11/11/2009 12:06 244 Boot.bak
15/11/2009 11:09 358 Bug.txt
03/08/2004 23:00 260,272 cmldr
19/10/2009 09:32 <DIR> Config.Msi
16/08/2005 03:43 0 CONFIG.SYS
13/11/2009 14:48 26,746 DDS.txt
06/09/2007 17:44 <DIR> dell
06/11/2009 21:57 32,768 didx.exe
06/11/2009 21:57 91,648 dnpevj.exe
19/10/2009 09:38 <DIR> Documents and Settings
05/09/2009 12:23 <DIR> Downloads
08/05/2006 17:45 <DIR> drivers
13/09/2009 08:57 <DIR> games
27/06/2006 21:39 <DIR> i386
17/04/2008 10:34 4,128 INFCACHE.1
07/07/2009 15:08 1,804 JavaRa.log
19/10/2009 13:11 <DIR> multiAVCHD
29/07/2008 14:26 13,030 PDOXUSRS.NET
11/07/2009 21:20 <DIR> PHOTO
15/11/2009 10:55 <DIR> Program Files
04/07/2009 11:11 <DIR> ProgramData
29/09/2009 10:14 <DIR> Python26
07/11/2009 14:02 <DIR> Qoobox
17/12/2008 10:57 184 setuplog.exe
11/11/2009 08:22 <DIR> Temp
15/11/2009 11:22 <DIR> WINDOWS
03/05/2009 08:40 <DIR> WTablet
13 File(s) 431,182 bytes
19 Dir(s) 33,666,859,008 bytes free

#100 sdabbs (Authentic Member, 97 posts)
Posted 15 November 2009 - 10:10 AM

DDS log files

DDS (Ver_09-09-29.01) - NTFSx86
Run by fabi at 16:06:25.82 on 15/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.288 [GMT 0:00]
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\32788R22FWJFW\cmd.cfxxe
C:\32788R22FWJFW\SWREG.cfxxe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\fabi\Desktop\dds.com

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.tiscali.co.uk/broadband
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeBridge]
uRun: [rundll32.exe]
uRun: [WAB] c:\documents and settings\fabi\application data\macromedia\common\81d6602c19.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WinsysMon] c:\program files\common files\openfile.exe
mRun: [Otenowaqifih] rundll32.exe "c:\windows\uhihekevasuqeru.dll",Startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\fabi\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: nofolderoptions = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Extract Flash Video with Bytescout... - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {C60B833C-14A8-4681-AFDE-164B6F39BBE0} = 212.139.132.56 212.139.132.57
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli diepunkv.dll

============= SERVICES / DRIVERS ===============
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-4-22 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-4-22 27656]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-9-14 58856]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-9-14 333928]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-9-14 967912]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-4-12 1373480]
S2 CSIScanner;CSIScanner; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

=============== Created Last 30 ================
2009-11-15 00:37 50,176 a------- c:\windows\system32\proquota.exe
2009-11-15 00:37 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-11-14 23:48 <DIR> a-dshr-- C:\cmdcons
2009-11-14 23:22 118 a------- c:\windows\system32\MRT.INI
2009-11-13 20:52 389,120 a------- c:\windows\system32\cmd.execf
2009-11-13 18:44 96,512 a------- c:\windows\system32\drivers\atapi.sys.vir
2009-11-07 14:10 56,320 a------- c:\windows\system32\OLDC.tmp
2009-11-07 14:05 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 14:05 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-07 14:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 14:03 77,312 a------- c:\windows\MBR.exe
2009-11-07 14:03 260,608 a------- c:\windows\PEV.exe
2009-11-07 14:03 161,792 a------- c:\windows\SWREG.exe
2009-11-07 14:03 98,816 a------- c:\windows\sed.exe
2009-11-07 13:34 36 a------- c:\windows\rasqervy.dll
2009-11-07 13:33 7 a------- c:\windows\sdfinacs.dll
2009-11-07 00:05 5 a------- c:\windows\sdfixwcs.dll
2009-11-06 22:03 0 a----r-- c:\windows\Mtabimeqaguvimup.bin
2009-11-06 22:03 120 a------- c:\windows\Rsupiqefameteqar.dat
2009-11-06 21:58 0 a----r-- c:\windows\win32k.sys
2009-11-06 21:57 32,768 a------- C:\didx.exe
2009-11-06 21:57 91,648 a------- C:\dnpevj.exe
2009-11-06 21:57 21,504 ---sh--- c:\docume~1\fabi\applic~1\sysint.exe
2009-11-06 21:57 98,304 ---sh--- c:\docume~1\fabi\applic~1\excom.exe
2009-11-06 09:03 99,486 ---sh--- c:\docume~1\fabi\applic~1\vnsys.exe
2009-11-06 09:03 101,396 ---sh--- c:\docume~1\fabi\applic~1\updateset.exe
2009-11-06 09:03 126,119 ---sh--- c:\docume~1\fabi\applic~1\sysdrive.exe
2009-11-06 09:03 165,796 ---sh--- c:\docume~1\fabi\applic~1\opdriver.exe
2009-11-06 09:03 105,019 ---sh--- c:\docume~1\fabi\applic~1\gload.exe
2009-11-05 17:16 <DIR> --d----- c:\program files\Big City Adventure - New York City
2009-11-04 12:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-11-04 12:37 1,409 a------- c:\windows\QTFont.for
2009-10-27 01:31 143,360 ---sh--- c:\program files\common files\openfile.exe
2009-10-19 12:54 <DIR> --d----- C:\multiAVCHD

==================== Find3M ====================
2009-10-21 04:08 3,598,336 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 14:02 19,944 a------- c:\program files\common files\fufuwubuha._dl
2009-10-01 14:02 19,428 a------- c:\program files\common files\iluqic.ban
2009-10-01 14:02 17,957 a------- c:\windows\system32\bysebiz.pif
2009-10-01 14:02 17,513 a------- c:\program files\common files\ybecawy.db
2009-10-01 14:02 17,247 a------- c:\docume~1\alluse~1\applic~1\mizasy.bin
2009-10-01 14:02 14,939 a------- c:\windows\system32\yzyn.scr
2009-10-01 14:02 14,503 a------- c:\program files\common files\utylimykow.dat
2009-10-01 14:02 13,432 a------- c:\windows\oposydy.bin
2009-10-01 14:02 11,590 a------- c:\windows\system32\ynof.dat
2009-10-01 14:02 10,462 a------- c:\windows\system32\limuhemor.exe
2009-10-01 08:32 18,693 a------- c:\docume~1\alluse~1\applic~1\esam.pif
2009-10-01 08:32 19,336 a------- c:\program files\common files\emiquxut.ban
2009-10-01 08:32 14,618 a------- c:\program files\common files\etena.dl
2009-10-01 08:32 11,921 a------- c:\docume~1\fabi\applic~1\qijufofoci.bin
2009-10-01 08:32 10,625 a------- c:\windows\wozem.dat
2009-10-01 08:32 19,496 a------- c:\program files\common files\ovamovi.bin
2009-10-01 08:32 18,044 a------- c:\windows\ovap.bin
2009-10-01 08:32 13,549 a------- c:\windows\tifupacov.bin
2009-09-30 19:47 37,824 ac------ c:\docume~1\fabi\applic~1\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 16:01 278,528 a------- c:\windows\SYCLicense_090901.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-07-15 21:23 134 a---h--- c:\docume~1\fabi\applic~1\lakerda1967.sys
2009-03-21 14:06 129,024 ---sh--- c:\docume~1\fabi\applic~1\rnfiles.exe
2009-03-21 14:06 105,019 ---sh--- c:\docume~1\fabi\applic~1\loader.exe
2009-03-21 14:06 99,840 ---sh--- c:\docume~1\fabi\applic~1\driverload.exe
2008-03-02 21:55 0 ac------ c:\program files\temp01

============= FINISH: 16:08:46.26 ===============

attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/09/2007 18:15:18
System Uptime: 15/11/2009 11:06:37 (5 hours ago)
Motherboard: Dell Inc. | | 0YD479
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) - 87 GiB total, 31.353 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
G: is CDROM ()

==== Disabled Device Manager Items =============
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_08EC&PID_0012\1800CA4080324F6B
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_08EC&PID_0012\1800CA4080324F6B
Service: USBSTOR

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_NWCWORKSTATION_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_NWCWORKSTATION_XX
Service: NWCWorkstation

==== System Restore Points ===================
No restore point in system.

==== Installed Programs ======================
µTorrent 517142 - ZBrush (Windows) (Shared Components) Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Help Center 2.1 Adobe Media Player Adobe Photoshop CS2 Adobe Reader 7.0.7 Adobe Shockwave Player 11.5 Adobe Stock Photos 1.0 Amazon MP3 Downloader 1.0.8 ArtRage 2 ATI Display Driver Audacity 1.2.6 AusLogics Disk Defrag AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 Big Fish Games Client Bytescout SWF To Video Scout Candy Land - Dora the Explorer Edition Canon MP Navigator EX 1.2 Canon MP190 series MP Drivers Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu CardRecovery 5.20 CLUE Classic Conexant HDA D110 MDC V.92 Modem Critical Update for Windows Media Player 11 (KB959772) Dell Support 5.0.0 (630) Dell System Restore Digital Line Detect DivX Content Uploader DivX Web Player Dora Backpack Dora the Explorer - Lost City Dream Day First Home Dream Day Wedding Dream Day Wedding - Viva Las Vegas Dream Day Wedding - Viva Las Vegas 1.00 DVD Flick EA Download Manager EASEUS Data Recovery Wizard Professional 4.3.6 G6 U-DISK Manager Uninstall GemMaster Mystic High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Intel® PROSet/Wireless Software Java™ 6 Update 14 Logitech QuickCam Logitech QuickCam Driver Package Magic ISO Maker v5.4 (build 0239) Magic ISO Maker v5.5 (build 0268) MagicDisc 2.7.105 Malwarebytes' Anti-Malware Martine à la ferme mCore MCU mDrWiFi Media Center Extender MeshLab 1.2.2 mHlpDell Micro Application - Martine à la montagne Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works 7.0 Microsoft WSE 3.0 Runtime Microsoft XML Parser mIWA mLogView mMHouse Modem Helper mPfMgr mPfWiz mProSafe mSSO mWlsSafe mWMI mXML Mystery Chronicles: Murder Among Friends mZConfig Nancy Drew: Warnings at Waverly Academy Nero 7 Essentials neroxml NetWaiting NVIDIA PureVideo Decoder OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 PDF Manual NW-E010 Series PDFCreator PDFCreator Toolbar Pen Tablet Poser Pro PowerDVD 5.7 ProtectDisc Driver, Version 11 Python 2.6.2 Quick Screen Capture 3.0 QuickTime Rapport RealPlayer RegCure 1.6.0.0 SAGEM F@st 800-840 Search Assist Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Skype web features Skype™ 4.1 Sonic Audio Module Sonic CinePlayer Sonic Copy Module Sonic Data Module Sonic DLA Sonic Encoders Sonic MyDVD LE Sonic Update Manager SonicStage 4.3 SpywareBlaster 4.2 Synaptics Pointing Device Driver The Sims™ 3 TomTom HOME 2.5.2.60 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 UploadScaler 1.1 VAIO music transfer 1.2 VCRedistSetup VideoLAN VLC media player 0.8.6d Viewpoint Media Player Wanadoo Europe Installer WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Connect Windows Media Format 11 runtime Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows Media Player 11 Windows XP Media Center Edition 2005 KB905589 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinPcap 4.0 WinRAR archiver Womens Murder Club a Darker Shade of Grey 1.00 Xvid 1.1.3 final uninstall XviD MPEG-4 Codec Yahoo! Toolbar ZBrush3

==== Event Viewer Messages From Past Week ========
14/11/2009 23:41:13, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/11/2009 23:41:09, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/11/2009 23:41:04, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
14/11/2009 23:40:55, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
14/11/2009 23:23:34, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool - November 2009 (KB890830).
14/11/2009 23:12:23, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
13/11/2009 21:06:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
13/11/2009 21:06:18, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/11/2009 20:55:45, error: W32Time [34] - The time service has detected that the system time needs to be changed by +93693 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|88.104.54.161:123->207.46.232.182:123) is working properly.
13/11/2009 20:02:00, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
13/11/2009 20:02:00, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Incorrect function.
13/11/2009 20:02:00, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
13/11/2009 20:02:00, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/11/2009 20:02:00, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
13/11/2009 20:01:40, error: SRService [104] - The System Restore initialization process failed.
==== End Of File ===========================
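Editor's note, an added example that is not part of the thread and not code from the DDS tool or its author: the checks a malware-removal helper makes by eye on a log like the one above can be written down as rules. The Python below runs five such rules over a handful of lines in DDS format (most copied from the log above, two benign ones added for contrast, all embedded as a constructed sample): a Winlogon Userinit value with a second executable appended, an LSA Notification Packages entry outside a known set, a Run entry that loads a DLL through rundll32 from outside system32 or Program Files or that runs an executable out of the user's Application Data, a created file carrying the system+hidden attributes with an .exe name in a profile folder, and a file that borrows a core system binary's name outside system32. The baseline sets (EXPECTED_USERINIT, KNOWN_LSA_NOTIFY, TRUSTED_DLL_PREFIXES, SYSTEM_BINARY_NAMES, SYSTEM_BINARY_DIRS) are assumptions for a stock Windows XP machine, not something the thread states, and the rule names are invented for this example.

```python
"""Flag a few high-signal indicators in a DDS-style log.

Added example, not part of the thread or of the DDS tool. The baseline
sets below are assumptions for a stock Windows XP box; tune them per
environment. Rule names are this example's own.
"""
import ntpath
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule name, evidence)

# Constructed sample: lines copied from or modelled on the DDS log posted
# above, plus two benign lines (SynTPEnh, mbam.sys) the rules must ignore.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Otenowaqifih] rundll32.exe "c:\windows\uhihekevasuqeru.dll",Startup
uRun: [WAB] c:\documents and settings\fabi\application data\macromedia\common\81d6602c19.exe
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli diepunkv.dll
2009-11-07 14:05 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-06 21:57 21,504 ---sh--- c:\docume~1\fabi\applic~1\sysint.exe
2009-11-06 21:58 0 a----r-- c:\windows\win32k.sys
"""

# Assumed XP baselines (hypothetical; not taken from the thread).
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}
KNOWN_LSA_NOTIFY = {"scecli", "rassfm", "kdcsvc"}
TRUSTED_DLL_PREFIXES = (r"c:\windows\system32", r"c:\program files")
SYSTEM_BINARY_NAMES = {"win32k.sys", "userinit.exe", "svchost.exe", "csrss.exe"}
SYSTEM_BINARY_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

RUN_RE = re.compile(r"^[mud]Run: \[[^\]]*\]\s*(.*)$", re.I)
# DDS "Created Last 30" / "Find3M" rows: date time size attrs path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+)\s+([a-z-]{8})\s+(.+)$")


def check_userinit(line: str) -> List[Finding]:
    """Userinit is comma-separated; every extra entry runs at each interactive logon."""
    m = re.match(r"mWinlogon: Userinit=(.*)", line, re.I)
    if not m:
        return []
    entries = [e.strip().lower() for e in m.group(1).split(",") if e.strip()]
    return [("winlogon-userinit-extra", e) for e in entries if e not in EXPECTED_USERINIT]


def check_lsa_notify(line: str) -> List[Finding]:
    """Notification packages load inside lsass and are handed cleartext password changes."""
    m = re.match(r"LSA: Notification Packages = (.*)", line, re.I)
    if not m:
        return []
    pkgs = [re.sub(r"\.dll$", "", p.lower()) for p in m.group(1).split()]
    return [("lsa-notification-unknown", p) for p in pkgs if p not in KNOWN_LSA_NOTIFY]


def check_run_entry(line: str) -> List[Finding]:
    """Run keys: rundll32 on a DLL outside trusted dirs, or an EXE living in the user profile."""
    m = RUN_RE.match(line)
    if not m or not m.group(1).strip():
        return []  # e.g. "uRun: [AdobeBridge]" with no value
    cmd = m.group(1).strip()
    out: List[Finding] = []
    rd = re.match(r'rundll32(?:\.exe)?\s+"?([^",]+)', cmd, re.I)
    if rd:
        dll = rd.group(1).lower()
        if not any(dll.startswith(p + "\\") for p in TRUSTED_DLL_PREFIXES):
            out.append(("run-rundll32-odd-location", dll))
    exe = re.match(r'"?([^"]+?\.(?:exe|scr|pif|com|bat))', cmd, re.I)
    if exe:
        path = exe.group(1).lower()
        if "\\application data\\" in path or "\\local settings\\" in path:
            out.append(("run-from-user-profile", path))
    return out


def check_created_entry(line: str) -> List[Finding]:
    """File rows: system+hidden EXEs, or a core system binary's name outside system32."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    attrs, path = m.group(2), m.group(3).strip().lower()
    name, directory = ntpath.basename(path), ntpath.dirname(path)
    out: List[Finding] = []
    if "s" in attrs and "h" in attrs and name.endswith(".exe"):
        out.append(("hidden-system-exe", path))
    if name in SYSTEM_BINARY_NAMES and directory not in SYSTEM_BINARY_DIRS:
        out.append(("system-name-outside-system32", path))
    return out


RULES = (check_userinit, check_lsa_notify, check_run_entry, check_created_entry)


def triage(log_text: str) -> List[Finding]:
    """Run every rule over every non-empty line; return (rule, evidence) pairs in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            for rule in RULES:
                findings.extend(rule(line))
    return findings


if __name__ == "__main__":
    for rule_name, evidence in triage(SAMPLE_LOG):
        print(f"{rule_name:32} {evidence}")
```

Run against the constructed sample it reports six findings and stays silent on the two benign lines; on a full log the same function can be pointed at the file contents. The rules are deliberately narrow: a hit is a lead for a human to confirm, not a verdict.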



#101 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 15 November 2009 - 10:17 AM

Open the Task Manager, select the Processes tab, then end process on the following items:

  • uTorrent.exe
  • cmd.cfxxe
  • SWREG.cfxxe
  • *any other process with cfxxe extension

Next, delete the folder C:\32788R22FWJFW

Try running ComboFix again.
Dave

#102 sdabbs

sdabbs

    Authentic Member

  • Authentic Member
  • PipPip
  • 97 posts

Posted 16 November 2009 - 04:09 AM

Hi Dave, I did what you said, I waited a long time yesterday - combofix was stuck on finding recovery console. I then tried again today and got the BSOD, when I restarted it managed to go back onto windows but it seems it is doing the same thing it did last time I was not able to boot up - I had about ten different error messages - saying windows had to close 'b' and 'c' and erox (though I may have misspelt that.) Another has just popped up saying 'data execution prevention - windows had to close 50111'. Do I run combofix again? (keeping in mind that when I originally ran it, it was unable to boot up again after)

#103 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 16 November 2009 - 04:11 AM

Try this program instead... :)

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#104 sdabbs

sdabbs

    Authentic Member

  • Authentic Member
  • PipPip
  • 97 posts

Posted 16 November 2009 - 04:12 AM

I also have a fake antivirus program popping up (which I never installed) - though this could be because I uninstalled McAfee and have no antivirus protection?

#105 sdabbs

sdabbs

    Authentic Member

  • Authentic Member
  • PipPip
  • 97 posts

Posted 16 November 2009 - 04:14 AM

I'm trying to download OTL to my desktop - but my desktop seems to have disappeared!!
