Tech Support Forum

Registered · 1 Posts
I ran combofix, as I have under supervision many times before, and this time it is hung up with a "windows - no disk" Exception Processing Message c0000013 Parameter 75b6bf9c 4 75b6bf9c 75b6bf9c. I click the Cancel, Try Again or Continue buttons and it beeps and nothing else.

Am I one of those 1 in a hundred computers that is not making it through?

I can't run any of the other steps you recommend before posting a logfile. I am posting this from my laptop. Any advice? I am hesitant to restart the computer while Combofix is still supposedly "Preparing Log Report"

Please let me know if you can help.

OK, combofix finally finished (sigh), I got the pop-up window to go away and I got a logfile. I now have a desktop that has a banner in the middle "WARNING! SPYWARE DETECTED ON YOUR COMPUTER. INSTALL AN ANTIVIRUS OR SPYWARE REMOVER TO CLEAN YOUR COMPUTER"

I will follow the five steps as outlined and get back to you. I will still need your help, and promise not to run combofix on my own ever again.

Ran the 5 steps, but Spyware Blaster would not load on my system, it said it did not have permission to overwrite a file (MSIDOC), even though I am logged in as admin. Spyware Blaster recommended an abort or retry, but I had to abort. I tried it again and still no luck.

Here's the DSS main scan, extra.txt attached, as well as ActiveScan log.

Deckard's System Scanner v20071014.68
Run by Christopher Blunt on 2008-06-09 09:51:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-06-09 17:51:17 UTC - RP319 - Deckard's System Scanner Restore Point
25: 2008-06-09 06:24:40 UTC - RP318 - Removed WS_FTP Home
24: 2008-06-09 06:03:05 UTC - RP317 - Removed VZDRIVE.
23: 2008-06-09 06:02:47 UTC - RP316 - Removed VZDRIVE.
22: 2008-06-09 06:00:40 UTC - RP315 - Removed NinjaVideo Helper


-- First Restore Point --
1: 2008-05-15 06:24:02 UTC - RP294 - Installed 3DSeXVilla Crack 30.001


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 17.04 GiB (less than 15%) free.


-- HijackThis (run as Christopher Blunt.exe) -----------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 09:55:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\QuickBooks Online Backup\AGENTSRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes-new\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Distillr\acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\QuickBooks Online Backup\CBSysTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Documents and Settings\Christopher Blunt\Desktop\Computer cleanup programs\dss.exe
C:\Documents and Settings\Christopher Blunt\Desktop\Computer cleanup programs\hijackthis\Christopher Blunt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C613CE22-151C-4331-94FF-F113A153F66D} - error (file missing)
O2 - BHO: (no name) - {E6CDACA0-D369-41FB-9313-EEEA1B5BB0A0} - C:\Program Files\MSN Gaming Zone\mevohC:\WINDOWS\system32\i2\mper83122.exe.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes-new\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - Startup: QuickBooks Online Backup TaskBar Icon.LNK = C:\Program Files\QuickBooks Online Backup\OLSysTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: QuickBooks Online Backup TaskBar Icon.LNK = C:\Program Files\QuickBooks Online Backup\CBSysTray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Shortcut to AcroTray.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177481128687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6485984E-7198-4290-A8A0-1746EBD126F5}: NameServer = 192.168.1.1,4.2.2.1
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\QuickBooks Online Backup\AGENTSRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O24 - Desktop Component 0: - C:\Program Files\Windows NT\rteqeprak.html

--
End of file - 14890 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\CHRIST~1\Desktop\COMPUT~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20070521-105127-363 O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\nnolmj.dll",setvm
backup-20070521-105127-457 O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
backup-20070521-105127-583 O2 - BHO: (no name) - {64617462-9da1-4f8c-8842-3abad9380056} - C:\WINDOWS\system32\mlanmgr.dll (file missing)
backup-20070521-105127-599 O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
backup-20070521-105127-608 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
backup-20070521-105127-634 O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
backup-20070521-105127-758 O4 - HKLM\..\Run: [mstsc] C:\a.exe
backup-20070521-105127-853 R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20070521-105142-750 O20 - Winlogon Notify: MT4173a0 - MT4173a0.dll (file missing)
backup-20070521-105142-763 O20 - Winlogon Notify: mlanmgr - mlanmgr.dll (file missing)
backup-20070714-083332-183 O2 - BHO: (no name) - {EB167C5D-74E4-4EB4-90D7-CDDC356C0BBD} - (no file)
backup-20070714-083332-515 O2 - BHO: (no name) - {BD995DE5-2A73-4b82-A161-327DD0ECB3A3} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - NOTEPAD.EXE %1
.reg - regfile - shell\edit\command - NOTEDAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 DbgMsg (Debug Message) - c:\windows\system32\drivers\dbgmsg.sys <Not Verified; Compuware Corporation - NuMega Lab; DriverStudio>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 MT4178a5 (ASUS PCI controller) - c:\windows\system32\mt4178a5.sys (file missing)
S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 FTD2XX (FTD2XX.SYS FT8U2XX device driver) - c:\windows\system32\drivers\ftd2xx.sys <Not Verified; FTDI Ltd.; FT8U232AX>
S3 Ser2pl (Prolific Serial port driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 TASCAM_US122144 (TASCAM USB 2.0 Audio Device driver) - c:\windows\system32\drivers\tascusb2.sys <Not Verified; TASCAM; TASCAM USB 2.0 Driver>
S3 TASCAM_US144_MIDI (TASCAM US-144 WDM MIDI Device) - c:\windows\system32\drivers\tscusb2m.sys <Not Verified; TASCAM; TASCAM US-122L/144 WDM MIDI Driver>
S3 TASCAM_US144_WDM (TASCAM US-144 WDM) - c:\windows\system32\drivers\tscusb2a.sys <Not Verified; TASCAM; TASCAM US-122L/144 WDM Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AgentSrv (Connected Agent Service) - c:\program files\quickbooks online backup\agentsrv.exe -asv <Not Verified; Connected Corporation; Connected DataProtector>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\357AB7132000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\357AB7132000
Service: NIC1394

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 09:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-06-09 08:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-06-09 07:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-06-09 06:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-06-09 05:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-06-09 04:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-06-09 03:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-06-09 02:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-06-09 01:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-06-09 00:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-06-08 23:00:00 350 --a------ C:\WINDOWS\Tasks\At49.job
2008-06-08 22:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-06-08 21:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-06-08 20:00:01 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-06-08 19:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-06-08 18:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-06-08 17:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-06-08 16:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-06-08 15:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-06-08 14:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-06-08 13:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-06-08 12:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-06-08 11:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-06-08 10:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-08 22:46:46 0 d-------- C:\WINDOWS\LastGood
2008-06-08 22:44:37 0 d-------- C:\Program Files\Panda Security
2008-06-08 21:01:22 68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 21:01:22 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 21:01:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 21:01:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-08 21:01:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 21:01:22 98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 21:01:22 80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 21:01:22 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 18:52:00 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\shct41j0el8j
2008-06-08 18:50:32 52736 --a------ C:\WINDOWS\system32\blphcr41j0el8j.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-02 19:50:47 0 d-------- C:\Program Files\NinjaVideo
2008-05-14 22:22:44 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\Oxin's Style!


-- Find3M Report ---------------------------------------------------------------

2008-06-09 00:07:06 0 d-------- C:\Program Files\QuickBooks Online Backup
2008-06-08 22:24:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 22:01:34 0 d-------- C:\Program Files\Video Strip Poker
2008-06-08 20:35:41 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\Azureus
2008-06-08 18:27:21 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\Adobe
2008-06-07 20:24:53 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\Macromedia
2008-06-03 18:11:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 13:43:03 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\AdobeUM
2008-05-14 22:24:04 0 d-------- C:\Program Files\thriXXX
2008-05-03 21:06:30 20480 --a------ C:\WINDOWS\quit.exe <Not Verified; ert fdgbh egef bf ds; dsf rty43 fgb dfgdsr>
2008-05-03 00:23:39 0 d-------- C:\Program Files\Azureus
2008-05-02 22:20:49 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-02 22:20:48 12288 --a------ C:\WINDOWS\o4x.exe
2008-05-02 19:56:34 0 d-------- C:\Documents and Settings\Christopher Blunt\Application Data\U3
2008-04-29 18:24:44 56936 --a------ C:\Documents and Settings\Christopher Blunt\Application Data\GDIPFONTCACHEV1.DAT
2008-04-26 20:21:46 0 d-------- C:\Program Files\Java
2008-04-26 19:57:51 0 d-------- C:\Program Files\Microsoft Works
2008-04-26 19:56:38 0 d-------- C:\Program Files\Microsoft.NET
2008-04-14 14:06:37 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C613CE22-151C-4331-94FF-F113A153F66D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6CDACA0-D369-41FB-9313-EEEA1B5BB0A0}]
C:\Program Files\MSN Gaming Zone\mevohC:\WINDOWS\system32\i2\mper83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 05:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [11/02/2004 02:53 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [11/29/2004 02:00 PM C:\WINDOWS\ALCWZRD.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 03:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [06/20/2007 11:09 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes-new\iTunesHelper.exe" [02/04/2008 02:18 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 06:11 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/20/2006 10:36 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"SightSpeed"="C:\Program Files\SightSpeed\SightSpeed.exe" [11/09/2007 10:47 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows NT\rteqeprak.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/03/2008 06:11 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 06/20/2007 11:09 AM 10536 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-09 09:57:58 ------------

TSF-Emeritus · 15,384 Posts
Hello and welcome to TSF.

Sorry for the delayed response. The forum is very busy. Combofix is not a casual tool to be run MANY times, especially without the supervision of a trained analyst.

Please delete the present copy(ies) of Combofix from your desktop and download a fresh copy from this link.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.