Windows security alerts shut off my updates. Had this happen before and it's happening again, same problems as before


10 replies to this topic

#1 Chirp

  • Members
  • 10 posts

Posted 05 January 2009 - 09:48 PM

Please see aborted topic in HJT forum from Dec. here: http://www.bleepingcomputer.com/forums/t/186367/windows-security-alerts-shuts-off-my-updates/ ~ OB

My Windows Security icon in my icon tray is red with an X in it. My Automatic Updates are shut off and I cannot turn them back on. If I go into Control Panel > System > Automatic Updates it says my updates are turned on. Last time this happened I got a new icon that looked identical to the red shield with an X in it, only it would display messages like "you have a virus", "you need to scan", things like that. This has not happened yet, but it is happening the same way it did before, so it very well could be the next step.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:14 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\iagent\iaprocicon.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [58e22214] rundll32.exe "C:\WINDOWS\system32\mdsvtbdf.dll",b
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9862 bytes


Please help.

Edited by Orange Blossom, 06 January 2009 - 12:09 AM.
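As an added example (not code from this thread, from HijackThis or from McAfee), here is a small Python triage script that scans HijackThis-style lines for the shapes visible in the log above: a Run value named with eight hex digits that starts a DLL through rundll32, a random-looking DLL name in system32, an executable running out of Temporary Internet Files, a Winlogon Notify hook, and a Trusted Zone addition. The sample lines are constructed in HJT's line format, and the small DLL allowlist and the "looks random" heuristic are assumptions of this example, not HJT logic.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not code from the thread or from HijackThis.
The allowlist and the looks_random() heuristic are assumptions of this
example; a hit means "look closer", not "this is malware".
"""
import re
from typing import List, Tuple

# Constructed sample in HJT's own line format: some lines mirror the log in
# the thread, the benign ones are there so the heuristics have non-hits too.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\iagent\iaprocicon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [58e22214] rundll32.exe "C:\WINDOWS\system32\mdsvtbdf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: efcARHBu - C:\WINDOWS\SYSTEM32\efcARHBu.dll
"""

HEX8 = re.compile(r"^[0-9a-f]{8}$")
RUN_NAME = re.compile(r"\[([^\]]+)\]")
# rundll32 starting a DLL that lives directly in system32; group 1 is the base name.
RUNDLL_SYS32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\system32\\([^\\",]+)\.dll', re.I)
NOTIFY = re.compile(r"Winlogon Notify:\s*(\S+)", re.I)
TEMP_IE = re.compile(r"\\temporary internet files\\", re.I)
# Assumed tiny allowlist of legitimate system32 DLLs commonly started via rundll32.
KNOWN_SYS32_DLLS = {"nvcpl", "shell32", "advpack", "setupapi"}


def looks_random(name: str) -> bool:
    """Eight-letter names with at most one vowel or mixed case (mdsvtbdf, efcARHBu)."""
    if len(name) != 8 or not name.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in name.lower())
    mixed = name != name.lower() and name != name.upper()
    return vowels <= 1 or mixed


def triage_hjt(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for lines that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Running-process section: anything executing out of the IE cache.
        if TEMP_IE.search(line) and line.lower().endswith(".exe"):
            findings.append(("executable running from Temporary Internet Files", line))
            continue
        m = re.match(r"O(\d+) - (.*)", line)
        if not m:
            continue
        kind, rest = int(m.group(1)), m.group(2)
        if kind == 4:  # autostart entries
            name = RUN_NAME.search(rest)
            if name and HEX8.match(name.group(1)):
                findings.append(("Run value named with eight hex digits", line))
            dll = RUNDLL_SYS32.search(rest)
            if dll and dll.group(1).lower() not in KNOWN_SYS32_DLLS \
                    and looks_random(dll.group(1)):
                findings.append(("rundll32 loading a random-looking system32 DLL", line))
        elif kind == 15:  # Trusted Zone entries relax IE's security for that site
            findings.append(("Trusted Zone addition", line))
        elif kind == 20:  # Winlogon Notify DLLs are loaded into winlogon.exe at logon
            hook = NOTIFY.search(rest)
            if hook and looks_random(hook.group(1)):
                findings.append(("Winlogon Notify hook with random-looking name", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_hjt(SAMPLE_LOG):
        print(f"{reason}: {line}")
```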



#2 Chirp

  • Topic Starter
  • Members
  • 10 posts

Posted 06 January 2009 - 11:03 AM

OB

I did everything in that topic and am continuing to have the same problems. There is no VundoFix log because VundoFix did not find any files when I ran it then, or when I ran it the other night. I was told by someone to open another topic with a new HJT log, and that is why I am posting the same problem again.

Thanks for taking the time to read all of this and any help or suggestions would be greatly appreciated.

#3 Chirp

  • Topic Starter
  • Members
  • 10 posts

Posted 06 January 2009 - 08:33 PM

It actually has gotten worse now. My antivirus (McAfee) is now sending me messages telling me it has deleted 6 files each time, but there is a 7th file whose status changes every few moments from "Deleted" to "Delete Failed (Clean Failed)", then back to "Deleted", and so on.

It is being detected as Vundo from the application \??\C:\\WINDOWS\system32\Winlogon.exe

I ran VundoFix 2 times and have gotten no results at all.

PLEASE HELP!

#4 Chirp

  • Topic Starter
  • Members
  • 10 posts

Posted 10 January 2009 - 02:55 AM

Bump

#5 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 13 January 2009 - 03:46 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable McAfee:
  • Please navigate to the system tray on the bottom right hand corner and look for the McAfee icon [image].
    Right-click it -> choose Exit.
  • A popup will warn that protection will now be disabled. Click on Yes to disable the Antivirus guard.
To disable SpyBot's TeaTimer:
You can find instructions with visuals here.
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. If you are not using Internet Explorer, you may not be prompted to download the file when you click it. In that case, right click it and select "Save Target/Link as" and save the file onto your desktop.
    The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    [images]

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    [image]
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

In your next reply include:
-the ComboFix log
-a new HijackThis or DDS log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 13 January 2009 - 05:22 PM

Hello.

Please add all replies in the future to this topic.

I am having problems disabling my antivirus, as there is no "M" box but a shield with a V in it. There is no option to Exit or Close my McAfee.

I am running McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.5.0i

The directions may differ slightly.

Navigate to the system tray and double-click the taskbar icon to open Security Center.
Click Advanced Menu (bottom mid-left).
Click Configure (left).
Click Computer & Files (top left).
VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.

With Regards,
The Panda

#7 Chirp

  • Topic Starter
  • Members
  • 10 posts

Posted 14 January 2009 - 05:05 PM

Thanks for your help PP.

The problem seems to be fixed. Here are the logs you asked for.

hijackthis is the HijackThis log

log is the ComboFix log

ComboFix 09-01-13.04 - HP_Administrator 2009-01-14 16:45:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.444 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\IAgentSetup.msi
c:\windows\system32\bincwcam.dll
c:\windows\system32\dqqjpqio.ini
c:\windows\system32\enbehude.dll
c:\windows\system32\fccdaXqR.dll
c:\windows\system32\fdbtvsdm.ini
c:\windows\system32\iadddmej.ini
c:\windows\system32\nbaioket.ini
c:\windows\system32\nvevjg.dll
c:\windows\system32\oiqpjqqd.dll
c:\windows\system32\pkwjud.dll
c:\windows\system32\qduemtel.dll
c:\windows\system32\qqwacrhs.ini
c:\windows\system32\rmlcvjnq.dll
c:\windows\system32\RqXadccf.ini
c:\windows\system32\RqXadccf.ini2
c:\windows\system32\rqybjnlf.ini
c:\windows\system32\shrcawqq.dll
c:\windows\system32\tygrfqkj.ini
c:\windows\system32\wnlfhlue.ini
c:\windows\system32\wrgtcopd.ini
c:\windows\system32\xhlrwbrx.dll
c:\windows\system32\xrbwrlhx.ini
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-06 17:04 . 2009-01-06 17:04 <DIR> d-------- c:\program files\Valve
2009-01-05 21:45 . 2009-01-05 21:45 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 00:14 . 2009-01-09 16:22 <DIR> d-------- c:\program files\Computer Alarm Clock
2009-01-03 23:58 . 2009-01-03 23:58 <DIR> d-------- C:\VundoFix Backups
2009-01-03 23:52 . 2009-01-03 23:52 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-03 23:52 . 2009-01-04 01:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 13:42 . 2008-12-27 13:42 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2008-12-27 13:42 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-27 13:42 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-27 13:41 . 2008-12-27 13:42 <DIR> d-------- c:\program files\iTunes
2008-12-27 13:41 . 2008-12-27 13:41 <DIR> d-------- c:\program files\iPod
2008-12-27 13:41 . 2008-12-27 13:41 <DIR> d-------- c:\program files\Bonjour
2008-12-27 13:41 . 2008-12-27 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 13:40 . 2008-12-27 13:42 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-27 13:40 . 2008-12-27 13:41 <DIR> d-------- c:\program files\QuickTime
2008-12-27 13:40 . 2008-12-27 13:40 <DIR> d-------- c:\program files\Apple Software Update
2008-12-27 13:40 . 2008-12-27 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-27 13:39 . 2008-12-27 13:41 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-27 13:39 . 2008-12-27 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-27 00:23 . 2008-12-27 00:23 <DIR> d-------- c:\windows\Sun
2008-12-26 15:29 . 2008-12-26 15:47 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-26 03:02 . 2008-12-26 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-25 03:08 . 2008-08-14 05:00 2,180,352 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-25 03:08 . 2008-08-14 04:58 2,136,064 --a------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-25 03:08 . 2008-08-14 04:22 2,057,728 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-25 03:08 . 2008-08-14 04:22 2,015,744 --a------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-25 03:08 . 2006-03-20 22:23 23,040 --------- c:\windows\kb913800.exe
2008-12-25 03:03 . 2008-06-13 08:10 272,128 --a------ c:\windows\system32\drivers\bthport.sys
2008-12-25 03:03 . 2008-06-13 08:10 272,128 --a------ c:\windows\system32\dllcache\bthport.sys
2008-12-25 03:03 . 2006-03-16 19:38 28,672 --a------ c:\windows\system32\verclsid.exe
2008-12-24 19:04 . 2008-12-24 19:15 139,264 --a------ c:\windows\War3Unin.exe
2008-12-24 19:04 . 2008-12-24 19:44 77,817 --a------ c:\windows\War3Unin.dat
2008-12-24 19:04 . 2008-12-24 19:15 2,829 --a------ c:\windows\War3Unin.pif
2008-12-24 19:01 . 2009-01-14 01:50 <DIR> d-------- c:\program files\Warcraft III
2008-12-24 18:51 . 2008-12-24 18:51 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\acccore
2008-12-24 18:50 . 2008-12-24 18:50 <DIR> d-------- c:\program files\VideoLAN
2008-12-24 18:49 . 2008-12-24 18:49 <DIR> d-------- c:\program files\Viewpoint
2008-12-24 18:49 . 2008-12-24 18:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-24 18:49 . 2008-12-24 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-24 18:49 . 2008-12-24 18:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-24 18:49 . 2008-12-24 18:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-24 18:49 . 2008-12-24 18:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-24 18:49 . 2008-12-24 18:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-24 18:48 . 2008-12-24 18:48 <DIR> d-------- c:\program files\Common Files\AOL
2008-12-24 18:48 . 2008-12-24 18:50 <DIR> d-------- c:\program files\AIM6
2008-12-24 18:48 . 2008-12-24 18:50 469 --ah----- C:\IPH.PH
2008-12-24 18:47 . 2008-12-24 18:47 0 --a------ c:\windows\nsreg.dat
2008-12-24 18:45 . 2009-01-14 05:24 <DIR> d-------- C:\QUARANTINE
2008-12-24 18:37 . 2008-12-24 18:37 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2008-12-24 18:37 . 2008-12-24 18:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-24 18:37 . 2007-10-25 15:06 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-12-24 18:37 . 2007-10-25 15:06 280 --a------ c:\windows\system32\epoPGPsdk.dll.sig
2008-12-24 18:36 . 2008-12-24 18:37 <DIR> d-------- c:\program files\McAfee
2008-12-24 18:36 . 2008-12-24 18:36 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-24 18:36 . 2008-05-22 20:50 174,952 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-24 18:36 . 2008-05-22 20:50 72,936 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-24 18:36 . 2008-05-22 20:50 64,232 --a------ c:\windows\system32\drivers\mfeapfk.sys
2008-12-24 18:36 . 2008-05-22 20:50 52,104 --a------ c:\windows\system32\drivers\mfetdik.sys
2008-12-24 18:36 . 2008-05-22 20:50 33,960 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-24 18:06 . 2008-12-24 18:06 1,910 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EX272AA-ABA a1520n_YC_0Pavi_QCNH622_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64 X2 Dual Core_92_#081224_N_Z11C10620_G10DE0241.MRK
2008-12-24 06:09 . 2008-12-24 00:18 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-12-24 06:09 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\HP_Administrator\WINDOWS
2008-12-24 06:09 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Intuit
2008-12-24 06:09 . 2008-12-24 18:12 <DIR> d-------- c:\documents and settings\HP_Administrator
2008-12-24 06:08 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\Default User\WINDOWS
2008-12-24 06:06 . 2009-01-14 16:52 181 --a------ c:\windows\system\hpsysdrv.DAT
2008-12-24 02:06 . 2008-12-24 00:16 <DIR> d-------- c:\windows\nview
2008-12-24 02:06 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SBSI
2008-12-24 02:05 . 1998-10-29 19:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-24 02:05 . 2008-12-24 02:06 218,245 --a------ c:\windows\orun32.isu
2008-12-24 02:05 . 2008-12-24 02:06 791 --a------ c:\windows\orun32.ini
2008-12-24 01:55 . 2008-12-26 03:15 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-24 01:54 . 1998-05-07 11:04 52,736 --a------ c:\windows\system\hpsysdrv.exe
2008-12-24 01:52 . 2008-12-24 18:49 <DIR> d-------- c:\program files\Java
2008-12-24 01:52 . 2008-12-24 00:21 <DIR> d-------- c:\program files\Common Files\Java
2008-12-24 01:52 . 2004-11-10 14:31 786,944 --a------ c:\windows\system32\RDBios32.dll
2008-12-24 01:52 . 2004-09-23 19:28 532,480 --a------ c:\windows\system32\cPC_DMIRD.dll
2008-12-24 01:48 . 2006-01-10 19:48 46,592 --a------ c:\windows\system32\drivers\irbus.sys
2008-12-24 01:48 . 2006-01-10 19:48 19,200 --a------ c:\windows\system32\drivers\hidir.sys
2008-12-24 01:47 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-24 01:46 . 2008-12-24 00:23 <DIR> d-------- c:\program files\GemMaster
2008-12-24 01:46 . 2008-12-24 00:23 <DIR> d-------- c:\program files\EnglishOtto
2008-12-24 01:45 . 2008-12-24 00:12 <DIR> d-------- c:\windows\system32\URTTemp
2008-12-24 01:08 . 2008-12-26 03:19 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2008-12-24 01:08 . 2008-12-24 01:08 333 --a------ c:\windows\system32\$ncsp$.inf
2008-12-24 01:08 . 2008-12-24 01:08 61 --a------ c:\windows\smscfg.ini
2008-12-24 01:07 . 2004-08-04 01:59 5,504 --a------ c:\windows\system32\drivers\intelide.sys
2008-12-24 01:07 . 2004-08-04 01:59 5,504 --a------ c:\windows\system32\dllcache\intelide.sys
2008-12-24 01:07 . 2004-08-04 01:59 5,376 --a------ c:\windows\system32\drivers\viaide.sys
2008-12-24 01:07 . 2004-08-04 01:59 5,376 --a------ c:\windows\system32\dllcache\viaide.sys
2008-12-24 01:04 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-24 00:56 . 2008-12-24 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-24 00:55 . 2008-12-24 18:18 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-24 00:52 . 2008-12-24 00:23 <DIR> d-------- c:\program files\Google
2008-12-24 00:48 . 2002-12-06 15:10 2,238 --a------ c:\windows\system32\doc.ico
2008-12-24 00:47 . 2008-12-24 00:39 <DIR> d-------- c:\program files\PC-Doctor for DOS
2008-12-24 00:47 . 2008-12-24 00:38 <DIR> d-------- c:\program files\PC-Doctor 5 for Windows
2008-12-24 00:47 . 2006-02-01 19:07 28,848 --a------ c:\windows\system32\drivers\USBkey.sys
2008-12-24 00:47 . 2006-02-01 19:14 13,440 --a------ c:\windows\system32\drivers\pcdrndisuio.sys
2008-12-24 00:47 . 2006-01-19 19:20 11,351 --a------ c:\windows\system32\drivers\diag69xp.sys
2008-12-24 00:45 . 2005-07-13 14:48 29,926 --a------ c:\windows\hsc.ico
2008-12-24 00:44 . 2008-12-24 00:14 <DIR> d-------- c:\windows\HPCPCUninstall-9972322
2008-12-24 00:44 . 2008-12-24 00:40 <DIR> d-------- c:\program files\Updates from HP
2008-12-24 00:44 . 2008-12-24 00:44 118,842 -ra------ c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
2008-12-24 00:43 . 2008-12-24 18:06 <DIR> d-a------ c:\windows\system32\pcintro
2008-12-24 00:43 . 2005-10-28 14:30 46,254 --a------ c:\windows\system32\oemlogo.bmp
2008-12-24 00:43 . 2003-04-07 15:22 45,056 --a------ c:\windows\system32\runclose.ocx
2008-12-24 00:43 . 2002-03-19 22:05 45,056 --a------ c:\windows\system32\hpreg.dll
2008-12-24 00:43 . 2004-01-22 11:51 40,960 --a------ c:\windows\system32\omano.dll
2008-12-24 00:43 . 2003-02-04 15:24 36,864 --a------ c:\windows\system32\fpalsu.dll
2008-12-24 00:43 . 2008-12-24 00:43 14,318 --a------ c:\windows\system32\CHODDI.SYS
2008-12-24 00:41 . 2005-12-07 19:38 1,667,072 --a------ c:\windows\system32\cdintf250.dll
2008-12-24 00:40 . 2008-12-24 00:39 <DIR> d-------- c:\program files\Quicken
2008-12-24 00:40 . 2008-12-24 00:22 <DIR> d-------- c:\program files\Common Files\Palo Alto Software
2008-12-24 00:40 . 2008-12-24 00:21 <DIR> d-------- c:\program files\Common Files\Intuit
2008-12-24 00:40 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
2008-12-24 00:40 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2008-12-24 00:40 . 2008-12-24 00:41 174 --a------ c:\windows\QUICKEN.INI
2008-12-24 00:39 . 2008-12-24 00:35 <DIR> d-------- c:\program files\muvee Technologies
2008-12-24 00:39 . 2008-12-24 00:22 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2008-12-24 00:38 . 2008-12-24 00:14 <DIR> d-a------ c:\windows\CREATOR
2008-12-24 00:38 . 2008-12-24 00:18 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-24 00:38 . 2005-06-03 18:29 266,240 --a------ c:\windows\system32\ShellvRTF64.dll
2008-12-24 00:38 . 2005-06-03 18:29 237,568 --a------ c:\windows\system32\ShellvRTF.dll
2008-12-24 00:38 . 2008-12-24 00:38 376 --a------ c:\windows\ODBC.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 05:41 --------- d-----w c:\program files\Windows Plus
2008-12-24 05:33 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2009-01-06 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-15 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-15 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-22 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Computer Alarm Clock"="c:\program files\Computer Alarm Clock\cac.exe" [2007-09-06 696832]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2008-12-24 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\fccdaXqR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-24 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23372e9e-da97-11dd-8540-001731a1a1aa}]
\Shell\AutoRun\command - J:\MyPasswords.exe
\Shell\open\command - J:\MyPasswords.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{39FFB3D6-63B6-42CC-911E-6D8E9F529CB6} - c:\windows\system32\fccdaXqR.dll
HKLM-Run-58e22214 - c:\windows\system32\jkqfrgyt.dll
HKLM-Run-PCDrProfiler - (no file)
Notify-efcARHBu - efcARHBu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: *.trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hgb7mxmt.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 16:52:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-14 16:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 21:55:21

Pre-Run: 221,161,930,752 bytes free
Post-Run: 221,622,337,536 bytes free

297 --- E O F --- 2008-12-27 08:01:03



Edited by PropagandaPanda, 14 January 2009 - 06:27 PM.


#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 AM

Posted 14 January 2009 - 06:44 PM

Hello.

Looks like ComboFix took care of that infection. Let's remove the leftovers.

Please make sure your protection is disabled. By the way, is your McAfee subscription still active?

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23372e9e-da97-11dd-8540-001731a1a1aa}]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

F-Secure Online Scan
Please run F-Secure Online Scanner to check for anything left.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the ComboFix log
-the F-Secure scan log

Any symptoms of infection right now?

With Regards,
The Panda
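As an added defensive example (not code from this thread, from ComboFix, or from any tool named here): a short Python script that checks a ComboFix-style log for the two findings the CFScript above addresses, an LSA "Authentication Packages" value that loads something besides msv1_0, and a removable-drive mountpoints2 key whose AutoRun/open verbs launch an executable, and that decodes the `hex(7):6d,73,76,31,5f,30,00,00` bytes from the script to show they spell out only msv1_0. The sample log text is constructed to mirror the lines posted in this thread; the byte layout the decoder assumes (one byte per character, each entry NUL-terminated, an empty entry closing the list) is read off the script line above, not taken from any ComboFix documentation.

```python
from __future__ import annotations

import re

# Constructed sample, shaped like the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\fccdaXqR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23372e9e-da97-11dd-8540-001731a1a1aa}]
\Shell\AutoRun\command - J:\MyPasswords.exe
\Shell\open\command - J:\MyPasswords.exe
"""

# The only LSA authentication package a stock Windows XP install loads.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}


def decode_multi_sz_bytes(hex7: str) -> list[str]:
    """Decode a CFScript-style hex(7) value into its list of strings.

    Assumed layout (from the script line in this thread): one byte per
    character, each entry terminated by a NUL, and an empty entry (a second
    NUL) ending the list.
    """
    payload = hex7.split(":", 1)[1]
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    # Splitting on NUL leaves empty strings for the terminators; drop them.
    return [e.decode("ascii") for e in raw.split(b"\x00") if e]


def encode_multi_sz_bytes(entries: list[str]) -> str:
    """Inverse of decode_multi_sz_bytes: build the hex(7) text for a clean value."""
    raw = b"".join(e.encode("ascii") + b"\x00" for e in entries) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def unexpected_auth_packages(log: str) -> list[str]:
    """Return Authentication Packages entries that are not in the expected set.

    Entries on the log line are whitespace-separated, so a package path that
    itself contains spaces would need extra handling.
    """
    m = re.search(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$", log, re.M)
    if not m:
        return []
    return [p for p in m.group(1).split() if p.lower() not in EXPECTED_AUTH_PACKAGES]


def removable_autorun_commands(log: str) -> list[tuple[str, str]]:
    """Return (mountpoints2 key, command) pairs whose AutoRun/open verb runs a program."""
    findings: list[tuple[str, str]] = []
    current_key = None
    for line in log.splitlines():
        key = re.match(r"^\[(HKEY_CURRENT_USER\\.*mountpoints2\\\{[^}]+\})\]$", line, re.I)
        if key:
            current_key = key.group(1)
            continue
        if current_key and re.match(r"^\\Shell\\(AutoRun|open)\\command - ", line, re.I):
            command = line.split(" - ", 1)[1].strip()
            findings.append((current_key, command))
    return findings


if __name__ == "__main__":
    for pkg in unexpected_auth_packages(SAMPLE_LOG):
        print("unexpected LSA authentication package:", pkg)
    for key, cmd in removable_autorun_commands(SAMPLE_LOG):
        print("drive autorun verb:", key, "->", cmd)
    print("script value decodes to:", decode_multi_sz_bytes("hex(7):6d,73,76,31,5f,30,00,00"))
    print("clean value re-encoded:", encode_multi_sz_bytes(["msv1_0"]))
```

Anything the first check returns beyond msv1_0 is a DLL that LSA will load at every boot, which is why the CFScript resets the value rather than just deleting the file; the second check is the same signal ComboFix reports under mountpoints2 and is worth a look at the drive's autorun.inf as well.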

#9 Chirp

Chirp
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:16 AM

Posted 14 January 2009 - 07:30 PM

PP, I did everything you asked except run the F-Secure program. I could not get it to download. The bar would not move, and my antivirus (even though I had it off) said it was still blocking it.

I have none of the issues I had before with infection. Here is the latest ComboFix log.

Attached Files

  • Attached File  log2.txt   20.19KB   1 downloads


#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 AM

Posted 14 January 2009 - 07:54 PM

Hello.

Let's try ESET.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient, as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type, with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

With Regards,
The Panda

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 AM

Posted 19 January 2009 - 03:39 PM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
