BleepingComputer.com: Start>All Programs = (Empty)


Start>All Programs = (Empty) Malware issue but problems persist

#16 bjrowe (Group: Members)

Posted 05 October 2011 - 09:04 PM

Here is the latest log. The computer is still running slow - takes almost 20 minutes to complete the start up.

I have a spare hard drive - if I put that in, recognizing that my programs won't be there - will it take care of the problem or is it related to other hardware in the computer?

Thanks.

ComboFix 11-10-03.01 - browe 10/05/2011 9:58.2.2 - x86
Running from: c:\documents and settings\browe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\browe\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\windows\system32\drivers\dibouah.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_joao
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-10-03 12:52 . 2010-07-17 09:00 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-23 03:54 . 2011-09-23 03:54 -------- d-----w- C:\_OTL
2011-09-15 22:00 . 2011-09-15 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2011-09-15 21:59 . 2011-09-15 21:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Seagate
2011-09-15 21:59 . 2011-09-15 21:59 -------- d-----w- c:\documents and settings\browe\Application Data\Seagate
2011-09-15 21:58 . 2011-09-15 21:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2011-09-15 21:58 . 2011-10-03 12:43 -------- d-----w- c:\program files\Common Files\Memeo
2011-09-15 21:57 . 2011-09-15 21:57 -------- d-----w- c:\program files\Seagate
2011-09-15 21:54 . 2011-09-15 21:54 -------- d-----w- c:\documents and settings\browe\Application Data\Leadertech
2011-09-15 21:08 . 2011-09-15 21:10 -------- d-----w- c:\windows\system32\NtmsData
2011-09-07 13:31 . 2011-09-07 13:31 -------- d-----w- c:\program files\Ethiderm
2011-09-06 16:39 . 2011-09-06 16:39 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 22:37 . 2011-05-24 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2010-01-15 18:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-07 21:02 . 2011-03-23 19:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-21 1207080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-07-25 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe" [2003-03-31 28672]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-08-22 438399]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-01 273544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0490Inst"="c:\windows\system32\V0490Pin.dll" [2008-08-07 40960]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\browe\Start Menu\Programs\Startup\
Infotriever.lnk - c:\program files\Infotriever\Agent\infoclient.exe [2007-6-21 106496]
Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2009-1-21 153096]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 12:42 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 12:42 PM 74480]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 7:34 AM 115952]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 12:42 PM 14088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/4/2011 7:53 PM 105592]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [6/25/2011 6:16 PM 6609920]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [6/25/2009 3:25 PM 31616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 11:08 AM 133104]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [6/25/2009 3:25 PM 145760]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 4:55 PM 7882]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2009 11:08 AM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 12:42 PM 7408]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [1/9/2009 2:00 PM 27519]
S3 V0490Afx;Creative Camera VF0490 Audio Effects Driver;c:\windows\system32\drivers\V0490Afx.sys [6/25/2009 3:27 PM 160768]
S3 V0490Vid;Creative Camera VF0490 Driver;c:\windows\system32\drivers\V0490Vid.sys [6/25/2009 3:27 PM 282208]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 15:07]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 15:07]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1614895754-839522115-2740Core.job
- c:\documents and settings\browe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 23:38]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1614895754-839522115-2740UA.job
- c:\documents and settings\browe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 23:38]
.
2011-10-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1614895754-839522115-2740.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-77793844-962874349-243860920-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1614895754-839522115-2740.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-77793844-962874349-243860920-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.2.3.1001\LinkedInIEToolbar.dll/ContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: streamtheworld.com\cbsplayer
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxps://download.infotriever.com/bin/ifhelper.cab
DPF: {D00CB680-081D-4F94-97D5-75DEDDC374ED} - hxxps://www36.verizon.com/fiosvoice/Downloads/FiosVoiceWebCntrl.CAB
FF - ProfilePath - c:\documents and settings\browe\Application Data\Mozilla\Firefox\Profiles\a3r77owq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 11:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1340)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2011-10-05 11:23:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 15:23
ComboFix2.txt 2011-10-03 17:25
.
Pre-Run: 5,443,477,504 bytes free
Post-Run: 5,509,664,768 bytes free
.
- - End Of File - - 962FD09627935E2A734297EC6067AC4B

#17 sempai (Group: Malware Response Team)

Posted 06 October 2011 - 08:02 AM

The problem is not hardware related; the malware moves the shortcuts to the temp directory. But since you already ran Unhide.exe and the problem is still there, most likely the temp directory was emptied before you ran Unhide.exe. Let's try to restore them manually.

Go to Start > Control Panel > Add Remove Programs.
Identify/click the programs (one at a time) with a missing shortcut and click "Change/Remove".
It will give you the option to "Modify, repair or remove the program"; please choose "repair" and follow the prompts.

On some programs, the only option is "Remove", therefore you will need to uninstall/reinstall that program.
~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#18 sempai (Group: Malware Response Team)

Posted 11 October 2011 - 06:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
~Semp
