

Lost Admin Rights


  • This topic is locked
4 replies to this topic

#1 JF10

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:27 PM

Posted 15 April 2009 - 04:57 PM

Hi Guys, I'm running Windows XP Professional on an HP 2510p. I was infected, but after running some tools now I think I'm not infected, although I'm not sure and I lost admin rights. If you could help I would kindly appreciate it :D


DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 17:51:10,73 on 15-04-2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.56.1033.18.2023.930 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Connection Manager\sysctrlB.exe
C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\User\LOCALS~1\Temp\xrip.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winretuiv.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winvghn.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Z810SysStart] c:\program files\connection manager\sysctrlB.exe
uRun: [Z810PNP] c:\program files\connection manager\SamsungPnPServiceManager.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232490486796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\gxxj6wx6.default\
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

============= SERVICES / DRIVERS ===============

R2 rma;Radia Management Agent;c:\novadigm\managementagent\nvdkit.exe [2005-9-19 1968446]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2008-9-15 262360]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\lkkshp.sys --> c:\windows\system32\drivers\lkkshp.sys [?]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-22 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-9 41216]
S2 gupdate1c98ee153e5ce08;Google Update Service (gupdate1c98ee153e5ce08);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-7-9 33024]
S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys --> c:\windows\system32\drivers\sembbus.sys [?]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys --> c:\windows\system32\drivers\sembcard.sys [?]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys --> c:\windows\system32\drivers\sembmdfl2.sys [?]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys --> c:\windows\system32\drivers\sembmdm2.sys [?]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys --> c:\windows\system32\drivers\sembmgmt.sys [?]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys --> c:\windows\system32\drivers\sembnd5.sys [?]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys --> c:\windows\system32\drivers\sembunic.sys [?]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys --> c:\windows\system32\drivers\sembwwan.sys [?]
S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys --> c:\windows\system32\drivers\semcreserved.sys [?]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\sesc.sys --> c:\windows\system32\drivers\sesc.sys [?]
S3 vusbser;Rovio ARM-Based MCU driver;c:\windows\system32\drivers\vusbser.sys --> c:\windows\system32\drivers\vusbser.sys [?]

=============== Created Last 30 ================

2009-04-15 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Clarus
2009-04-15 16:02 <DIR> --d----- c:\program files\Clarus
2009-04-13 20:27 <DIR> --d----- C:\Respaldo Antec
2009-04-05 22:22 <DIR> --dsh--- c:\documents and settings\user\IECompatCache
2009-03-30 15:21 <DIR> --d----- c:\program files\Trend Micro
2009-03-30 13:12 161,792 a------- c:\windows\SWREG.exe
2009-03-30 13:12 98,816 a------- c:\windows\sed.exe
2009-03-27 17:58 323,584 ac-s-r-- c:\windows\system32\dllcache\svchost.exe
2009-03-24 10:13 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-23 14:29 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-23 14:27 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-23 14:27 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-23 14:27 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-23 14:27 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-23 14:27 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-23 14:27 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-23 14:27 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-23 14:27 <DIR> --d----- C:\0b1759e628df556b3d21bfb8
2009-03-23 13:58 <DIR> --dsh--- c:\documents and settings\user\PrivacIE
2009-03-20 17:01 <DIR> --dsh--- c:\documents and settings\user\IETldCache
2009-03-20 02:19 <DIR> --d----- c:\windows\ie8updates
2009-03-20 02:14 <DIR> -cd-h--- c:\windows\ie8
2009-03-20 02:10 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-20 02:09 <DIR> --d----- C:\a27868b9efe41241f4ddcf

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-08 21:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-05 20:52 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLdy.DAT
2008-08-23 00:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat

============= FINISH: 17:51:51,46 ===============



#2 KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:12:27 AM

Posted 29 April 2009 - 11:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 JF10
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:27 PM

Posted 30 April 2009 - 10:01 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 16:59:58,15 on 30-04-2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.56.1033.18.2023.926 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Connection Manager\sysctrlB.exe
C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winsvtmcd.exe
C:\DOCUME~1\User\LOCALS~1\Temp\wingprypd.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winguyjv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\DOCUME~1\User\LOCALS~1\Temp\emgw.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\DOCUME~1\User\LOCALS~1\Temp\winsvguir.exe
C:\DOCUME~1\User\LOCALS~1\Temp\gokdep.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winrcvrg.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ywfejm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\idew.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winfwued.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.16.0\gears.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Z810SysStart] c:\program files\connection manager\sysctrlB.exe
uRun: [Z810PNP] c:\program files\connection manager\SamsungPnPServiceManager.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.16.0\gears.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232490486796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\gxxj6wx6.default\
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

============= SERVICES / DRIVERS ===============

R2 rma;Radia Management Agent;c:\novadigm\managementagent\nvdkit.exe [2005-9-19 1968446]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2008-9-15 262360]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\lkkshp.sys --> c:\windows\system32\drivers\lkkshp.sys [?]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-22 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-9 41216]
S2 gupdate1c98ee153e5ce08;Google Update Service (gupdate1c98ee153e5ce08);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-7-9 33024]
S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys --> c:\windows\system32\drivers\sembbus.sys [?]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys --> c:\windows\system32\drivers\sembcard.sys [?]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys --> c:\windows\system32\drivers\sembmdfl2.sys [?]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys --> c:\windows\system32\drivers\sembmdm2.sys [?]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys --> c:\windows\system32\drivers\sembmgmt.sys [?]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys --> c:\windows\system32\drivers\sembnd5.sys [?]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys --> c:\windows\system32\drivers\sembunic.sys [?]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys --> c:\windows\system32\drivers\sembwwan.sys [?]
S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys --> c:\windows\system32\drivers\semcreserved.sys [?]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\sesc.sys --> c:\windows\system32\drivers\sesc.sys [?]
S3 vusbser;Rovio ARM-Based MCU driver;c:\windows\system32\drivers\vusbser.sys --> c:\windows\system32\drivers\vusbser.sys [?]

=============== Created Last 30 ================

2009-04-30 15:48 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-30 15:48 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-30 15:48 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-30 15:42 <DIR> --d----- c:\program files\common files\PCSuite
2009-04-30 15:41 <DIR> --d----- c:\program files\common files\Nokia
2009-04-30 15:41 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-04-30 15:40 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-04-30 15:40 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-04-30 15:40 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-04-30 15:40 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-04-30 15:40 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-04-30 15:40 <DIR> --d----- c:\program files\Nokia
2009-04-21 00:26 <DIR> --d----- c:\program files\iPod
2009-04-21 00:26 <DIR> --d----- c:\program files\iTunes
2009-04-21 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-21 00:06 <DIR> --d----- c:\program files\Bonjour
2009-04-16 16:44 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 16:44 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 16:44 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 16:44 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 16:44 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:44 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:44 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 16:44 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 16:44 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 16:17 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 16:17 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Clarus
2009-04-15 22:02 <DIR> --d----- c:\program files\Clarus
2009-04-14 02:27 <DIR> --d----- C:\Respaldo Antec
2009-04-06 04:22 <DIR> --dsh--- c:\documents and settings\user\IECompatCache

==================== Find3M ====================

2009-03-19 22:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 10:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 10:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 10:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 10:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 10:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 10:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 10:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 10:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 10:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 10:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 16:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 14:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 14:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 14:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 14:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 13:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 03:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-06 13:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 13:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 21:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-06 02:52 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLdy.DAT
2008-08-23 06:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat

============= FINISH: 17:00:44,75 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09-07-2008 14:02:45
System Uptime: 30-04-2009 10:03:08 (7 hours ago)

Motherboard: Hewlett-Packard | | 30C9
Processor: Intel® Core™2 Duo CPU U7600 @ 1.20GHz | U10 | 1196/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 4,856 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: HP Mobile Data Protection Sensor
Device ID: ACPI\HPQ0004\3&B1BFB68&0
Manufacturer: HP Hewlett-Packard Corporation
Name: HP Mobile Data Protection Sensor
PNP Device ID: ACPI\HPQ0004\3&B1BFB68&0
Service: Accelerometer

==== System Restore Points ===================

RP166: 26-04-2009 19:15:01 - System Checkpoint
RP167: 30-04-2009 15:48:33 - Installed Windows XP Wdf01007.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1
Apple Mobile Device Support
Apple Software Update
µTorrent
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Camera Control Pro 2
Connection Manager
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PhotoNow
CyberLink PowerDirector
Digsby
Fraps
Google Chrome
Google Earth
Google Gears
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP PCMCIA Smart Card Reader
HP Quick Launch Buttons 6.40 F1
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections Drivers
iTunes
Java™ 6 Update 11
Java™ 6 Update 4
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
Multiple Image Resizer .NET
Nikon Message Center
Nokia Connectivity Cable Driver
Nokia PC Suite
OpenOffice.org 2.4
Opera 9.52
Paint.NET v3.35
PC Connectivity Solution
QuickTime
RICOH R5C853 Driver Ver.1.00.02
Safari
Samsung Auto Backup
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 3.8
Slickr
Soft Data Fax Modem with SmartCP
Software Update Wizard (Redistributable) 4.5
Sonic Activation Module
SoundMAX
Synaptics Pointing Device Driver
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6i
WebEx
WebFldrs XP
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XVID Codec Installation

==== Event Viewer Messages From Past Week ========

30-04-2009 12:10:56, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
29-04-2009 17:06:50, error: Dhcp [1002] - The IP address lease 192.168.1.37 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
29-04-2009 12:58:53, error: Dhcp [1002] - The IP address lease 192.168.1.76 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
28-04-2009 15:43:04, error: Dhcp [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 10.242.0.1 (The DHCP Server sent a DHCPNACK message).
27-04-2009 20:29:09, error: Dhcp [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
25-04-2009 2:13:22, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E8F484FD. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
24-04-2009 20:09:50, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
24-04-2009 15:54:16, error: Dhcp [1002] - The IP address lease 192.168.1.76 for the Network Card with network address 0013E8F484FD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:27 PM

Posted 01 May 2009 - 03:38 AM

Ok.. Looking at the log, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files... We are looking for a possible Virut or Sality infection, and if it is.. then you might have to wipe the machine clean..

Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up to an external hard drive or thumbdrive, make sure it is EMPTY.. Meaning NO FILES inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well


Make sure you back up everything necessary first before proceeding with the steps below!!


Let's turn off your System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.



NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
rem Stop and remove the suspect service named in the log
sc stop abp470n5
sc delete abp470n5
rem Remove its driver file (/f deletes read-only files, /q suppresses the prompt)
del /f /q c:\windows\system32\drivers\lkkshp.sys
rem Empty the user's temp folder; the path is quoted because it contains spaces
del /f /q "C:\Documents and Settings\user\Local Settings\temp\*.*"
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files


Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.




NEXT


Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it with Notepad)


NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
  • Link 1
  • Link 2
  • Link 3
Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



Post these logs in your next reply..

1. Dr.Web CureIt
2. ComboFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:27 PM

Posted 07 May 2009 - 07:22 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





