
services.exe terminated unexpectedly status code 1073741819


  • This topic is locked
14 replies to this topic

#1 katjamiller

katjamiller

  • Members
  • 7 posts

Posted 19 June 2009 - 03:36 AM

hi! a few days ago i was infected with the freddy46.exe virus which i thought i managed to get rid of, the computer was running fine again, but then suddenly since yesterday, when i log into windows (which now takes about 5 minutes and is very slow), when it's finally finished loading, i get a message that says "Services and Controller app has encountered a problem and needs to close." when i click on "don't send", a "system shutdown" message comes up, which says "The system process 'C:\WINDOWS\system32\services.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.", it is apparently initiated by NT AUTHORITY\SYSTEM. i can cancel the shutdown (by going to start/run and typing 'shutdown -a') but after this the system runs almost impossibly slowly and internet explorer becomes unusable within about 5 minutes.

here is my log, thanks so much in advance for any help:






DDS (Ver_09-05-14.01) - NTFSx86
Run by Feargal at 20:56:17.06 on 18/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3574.3063 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\InitJam.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\VOX\JamVOX\JVExec.exe
svchost
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Feargal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ANT Agent] c:\garmin\ant agent\ANT Agent.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [JamInit] InitJam.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\feargal\start menu\programs\startup\rncsys32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jvexec.lnk - c:\program files\vox\jamvox\JVExec.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205337178671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205337254578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-18 20:10 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-06-18 13:32 <DIR> --d----- c:\windows\LastGood.Tmp
2009-06-16 17:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-15 19:27 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-15 18:24 <DIR> --d----- c:\program files\Trend Micro
2009-06-15 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-06-15 18:07 <DIR> --d----- c:\program files\common files\iS3
2009-06-15 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-06-15 14:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-15 13:51 0 ----h--- c:\windows\bf5087.dat
2009-06-15 13:51 1 a------- c:\windows\dk39fi4fe.dat
2009-06-15 13:48 2 ----h--- c:\windows\zaponce53173.dat
2009-06-15 13:48 1 ----h--- c:\windows\msmark2.dat
2009-06-15 13:48 2 ----h--- c:\windows\zaponce53222.dat
2009-06-15 13:48 <DIR> --d----- c:\program files\podmena
2009-06-15 13:48 2 ----h--- c:\windows\zaponce53198.dat
2009-06-15 13:48 1 ----h--- c:\windows\bf23567.dat
2009-06-15 13:48 2 ----h--- c:\windows\zaponce53290.dat
2009-06-13 20:58 107,070 a------- c:\windows\system32\drivers\ef6516b9.sys
2009-06-02 13:37 <DIR> --d----- c:\program files\IEToolbar
2009-05-25 12:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VOX
2009-05-25 12:36 <DIR> --d----- c:\program files\VOX

==================== Find3M ====================

2009-05-15 20:03 57,344 a------- C:\clipstreamsa.dll
2009-04-15 01:00 146,000 a------- c:\windows\system32\InitJam.exe
2009-04-15 01:00 109,136 a------- c:\windows\system32\JVOXAsio.dll

============= FINISH: 20:56:49.65 ===============



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts

Posted 19 June 2009 - 07:02 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 katjamiller

katjamiller
  • Topic Starter

  • Members
  • 7 posts

Posted 19 June 2009 - 07:57 AM

right, i've just run the anti malware scan, here's the log:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

19/06/2009 13:30:32
mbam-log-2009-06-19 (13-30-32).txt

Scan type: Quick Scan
Objects scanned: 93992
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Feargal\start menu\Programs\Startup\rncsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Feargal\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\dk39fi4fe.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53173.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53198.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53222.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53290.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.


--

and here's the fresh hijackthis report:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Feargal at 13:55:06.43 on 19/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3574.3126 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\InitJam.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\VOX\JamVOX\JVExec.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Feargal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ANT Agent] c:\garmin\ant agent\ANT Agent.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [JamInit] InitJam.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jvexec.lnk - c:\program files\vox\jamvox\JVExec.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205337178671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205337254578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R?2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R1 avgarcln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-6-18 3968]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-24 266240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-6 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081129.002\NAVENG.SYS [2008-11-29 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081129.002\NAVEX15.SYS [2008-11-29 876112]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\drivers\JamDRV.sys [2009-4-15 48720]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\drivers\JamWdm.sys [2009-4-15 27216]
S3 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2008-3-12 172865]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-3-12 1245064]

=============== Created Last 30 ================

2009-06-19 10:26 <DIR> --d----- c:\docume~1\feargal\applic~1\Malwarebytes
2009-06-19 10:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 10:26 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-19 10:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 10:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-19 09:42 <DIR> --d----- c:\program files\Sophos
2009-06-19 09:12 <DIR> --d----- C:\Rustbfix
2009-06-18 20:10 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-06-18 13:32 <DIR> --d----- c:\windows\LastGood.Tmp
2009-06-16 17:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-15 19:27 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-15 18:24 <DIR> --d----- c:\program files\Trend Micro
2009-06-15 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-06-15 18:07 <DIR> --d----- c:\program files\common files\iS3
2009-06-15 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-06-15 14:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-15 13:51 0 ----h--- c:\windows\bf5087.dat
2009-06-13 20:58 107,070 a------- c:\windows\system32\drivers\ef6516b9.sys
2009-06-02 13:37 <DIR> --d----- c:\program files\IEToolbar
2009-05-25 12:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VOX
2009-05-25 12:36 <DIR> --d----- c:\program files\VOX

==================== Find3M ====================

2009-05-15 20:03 57,344 a------- C:\clipstreamsa.dll
2009-04-15 01:00 146,000 a------- c:\windows\system32\InitJam.exe
2009-04-15 01:00 109,136 a------- c:\windows\system32\JVOXAsio.dll

============= FINISH: 13:55:33.03 ===============

--

thanks again!

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts

Posted 19 June 2009 - 08:07 AM

Hi,

Navigate to and delete the following file:

c:\windows\bf5087.dat

Then, Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:


c:\windows\system32\drivers\ef6516b9.sys

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

Do the same for the following file:

C:\clipstreamsa.dll

#5 katjamiller

katjamiller
  • Topic Starter

  • Members
  • 7 posts

Posted 19 June 2009 - 08:30 AM

ok, have deleted that file.

when i do it for ef6516b9.sys i get this message:
"0 bytes size received / Se ha recibido un archivo vacio"

here are the results for clipstreamsa.dll:

File clipstreamsa.dll received on 2009.06.19 13:29:56 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.19 -
AhnLab-V3 5.0.0.2 2009.06.19 -
AntiVir 7.9.0.191 2009.06.19 -
Antiy-AVL 2.0.3.1 2009.06.19 -
Authentium 5.1.2.4 2009.06.19 -
AVG 8.5.0.339 2009.06.19 -
BitDefender 7.2 2009.06.19 -
CAT-QuickHeal 10.00 2009.06.19 -
ClamAV 0.94.1 2009.06.19 -
Comodo 1371 2009.06.19 -
DrWeb 5.0.0.12182 2009.06.19 -
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6569 2009.06.19 -
F-Prot 4.4.4.56 2009.06.19 -
F-Secure 8.0.14470.0 2009.06.18 -
Fortinet 3.117.0.0 2009.06.19 -
GData 19 2009.06.19 -
Ikarus T3.1.1.59.0 2009.06.19 -
Jiangmin 11.0.706 2009.06.19 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.19 -
McAfee 5650 2009.06.18 -
McAfee+Artemis 5650 2009.06.18 -
McAfee-GW-Edition 6.7.6 2009.06.19 -
Microsoft 1.4701 2009.06.19 -
NOD32 4171 2009.06.19 -
Norman 6.01.09 2009.06.19 -
nProtect 2009.1.8.0 2009.06.19 -
Panda 10.0.0.16 2009.06.19 -
PCTools 4.4.2.0 2009.06.19 -
Prevx 3.0 2009.06.19 -
Rising 21.34.44.00 2009.06.19 -
Sophos 4.42.0 2009.06.19 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.19 -
TheHacker 6.3.4.3.348 2009.06.19 -
TrendMicro 8.950.0.1094 2009.06.19 -
VBA32 3.12.10.7 2009.06.19 -
ViRobot 2009.6.19.1796 2009.06.19 -
VirusBuster 4.6.5.0 2009.06.18 -
Additional information
File size: 57344 bytes
MD5...: 62f8403f946a7a5d287cd33aae6bc552
SHA1..: c35fc83d024409a848f6e76eaa104d0ea9ad5b5e
SHA256: eeada5f1b455cfc916124b49e613f0056e71a73a68bdacf601b84760a6bf3f3b
ssdeep: 768:6CEfCJR8n5Ff8gLJ2TnpDodwdpoHQLd7rvjbp9w8htxJGo9j:6aJR8f87TnB
vpospoWtio9j

PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2a0e
timedatestamp.....: 0x42c07e3d (Mon Jun 27 22:31:25 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6db6 0x7000 6.53 cd42ec85d85c1a000b18ed5403322b8d
.rdata 0x8000 0x12c8 0x2000 3.41 2a057f619e9111594ebad5e0b9222916
.data 0xa000 0x32ca 0x3000 0.93 d048e0f10826290dc49f677631f36b99
.reloc 0xe000 0xf24 0x1000 4.12 b02c2388b6eb23cda3bba4a6dec2327c

( 4 imports )
> DDRAW.dll: DirectDrawCreate
> ADVAPI32.dll: GetUserNameA
> USER32.dll: EmptyClipboard, SetRect, OpenClipboard
> KERNEL32.dll: CloseHandle, OpenProcess, FreeLibrary, GetProcAddress, LoadLibraryA, GetVersionExA, TerminateProcess, RtlUnwind, GetCommandLineA, GetVersion, HeapAlloc, ExitProcess, GetCurrentProcess, HeapReAlloc, HeapSize, HeapFree, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, IsBadWritePtr, GetCPInfo, MultiByteToWideChar, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetStringTypeA, GetStringTypeW, RaiseException

( 6 exports )
_Java_UserCtrl_addProcName@12, _Java_UserCtrl_drawImageDX@36, _Java_UserCtrl_getUserName@8, _Java_UserCtrl_stopDX@8, _Java_UserCtrl_stopScreenPrint@8, _Java_UserCtrl_stopScreenScrap@8

PDFiD.: -
RDS...: NSRL Reference Data Set
-



thanks!

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:45 PM

Posted 19 June 2009 - 08:37 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

#7 katjamiller

katjamiller
  • Topic Starter

  • Members
  • 7 posts

Posted 19 June 2009 - 09:07 AM

hi,

i'm having trouble with this stage, i have norton internet security installed but i can't open the program (when i try to open it, nothing happens) so i can't disable the virus protection or the firewall, so i can't run combofix. what can i do?

thanks again

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:45 PM

Posted 19 June 2009 - 09:13 AM

It may be a good idea to temporarily uninstall Norton Internet Security, because it looks like it's corrupted anyway.
You can reinstall it afterwards again once we are done here. :thumbup2:

#9 katjamiller

katjamiller
  • Topic Starter

  • Members
  • 7 posts

Posted 19 June 2009 - 09:34 AM

right, sorry to be such a pain but i've been trying to uninstall norton but it keeps coming up with the message "setup was unable to update the MSI system component" and stopping the uninstall process. am i doomed?!

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts

Posted 19 June 2009 - 09:37 AM

Hi,

This is common with Norton - It's a pain to uninstall.
Please use the uninstall tool:

* To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Also read the next article in case you're having problems with uninstalling Norton if above instructions didn't work, or noticed problems after uninstalling Norton: http://basconotw.mvps.org/SymRem.htm

#11 katjamiller

katjamiller
  • Topic Starter

  • Members
  • 7 posts

Posted 19 June 2009 - 11:49 AM

right! thanks for that, got there in the end... i managed to uninstall norton and here is the combofix log:

ComboFix 09-06-18.02 - Feargal 19/06/2009 17:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3574.3137 [GMT 1:00]
Running from: c:\documents and settings\Feargal\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\windows\system32\drivers\ef6516b9.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ef6516b9


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 09:26 . 2009-06-19 09:26 -------- d-----w- c:\documents and settings\Feargal\Application Data\Malwarebytes
2009-06-19 09:26 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 09:26 . 2009-06-19 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 09:26 . 2009-06-19 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-19 09:26 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 08:42 . 2009-06-19 08:42 -------- d-----w- c:\program files\Sophos
2009-06-19 08:12 . 2009-06-19 08:12 -------- d-----w- C:\Rustbfix
2009-06-18 19:10 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-06-16 16:48 . 2009-06-16 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 17:24 . 2009-06-15 17:24 -------- d-----w- c:\program files\Trend Micro
2009-06-15 17:08 . 2009-06-15 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-15 17:07 . 2009-06-15 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-15 17:07 . 2009-06-15 17:07 -------- d-----w- c:\program files\Common Files\iS3
2009-06-15 13:19 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-27 18:20 . 2009-05-27 18:20 -------- d-----w- c:\documents and settings\Feargal\Application Data\CyberLink
2009-05-25 11:36 . 2009-05-25 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VOX
2009-05-25 11:36 . 2009-05-25 11:36 -------- d-----w- c:\program files\VOX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 16:39 . 2008-03-12 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 15:23 . 2008-03-12 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-07 14:34 . 2008-03-19 15:33 -------- d-----w- c:\program files\Snood 4
2009-05-19 14:36 . 2009-02-05 13:21 -------- d-----w- c:\program files\Interlex 2
2009-05-15 19:03 . 2009-05-15 19:03 57344 ----a-w- C:\clipstreamsa.dll
2009-05-04 15:03 . 2009-05-04 14:58 -------- d-----w- c:\documents and settings\Feargal\Application Data\Spotify
2009-05-04 14:58 . 2009-05-04 14:58 -------- d-----w- c:\program files\Spotify
2009-04-23 19:11 . 2009-04-23 17:14 -------- d-----w- c:\documents and settings\Feargal\Application Data\Notepad++
2009-04-19 14:24 . 2009-04-19 14:24 47296 ----a-w- c:\documents and settings\Feargal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 00:00 . 2009-04-15 00:00 48720 ----a-w- c:\windows\system32\drivers\JamDRV.sys
2009-04-15 00:00 . 2009-04-15 00:00 27216 ----a-w- c:\windows\system32\drivers\JamWdm.sys
2009-04-15 00:00 . 2009-04-15 00:00 146000 ----a-w- c:\windows\system32\InitJam.exe
2009-04-15 00:00 . 2009-04-15 00:00 109136 ----a-w- c:\windows\system32\JVOXAsio.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"JamInit"="InitJam.exe" - c:\windows\system32\InitJam.exe [2009-04-15 146000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
JVExec.lnk - c:\program files\VOX\JamVOX\JVExec.exe [2009-4-15 980280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^JVExec.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\JVExec.lnk
backup=c:\windows\pss\JVExec.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk
backup=c:\windows\pss\Wireless-G Notebook Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NICCONFIGSVC"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [24/02/2009 13:39 266240]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\drivers\JamDRV.sys [15/04/2009 01:00 48720]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\drivers\JamWdm.sys [15/04/2009 01:00 27216]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [12/03/2008 15:44 172865]
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hmrc.gov.uk\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 17:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-261478967-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\System32\BCMLogon.dll
c:\program files\Funk Software\Funk Client\odLogin.dll

- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-19 17:42 - machine was rebooted [Bob]
ComboFix-quarantined-files.txt 2009-06-19 16:42

Pre-Run: 48,746,160,128 bytes free
Post-Run: 49,374,339,072 bytes free

149 --- E O F --- 2008-10-30 19:29



--

the automatic shutdown message isn't coming up any more and the computer seems like it's running normally again but obviously that happened before and it was still messed up so i will leave it to your expert judgement! thanks ONCE MORE, lol!

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 19 June 2009 - 01:01 PM

Hi,

It looks like Combofix already removed that file - so you should be OK here.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then please reinstall your Norton or another Antivirus.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 katjamiller

katjamiller
  • Topic Starter

  • Members

Posted 20 June 2009 - 07:33 AM

hi! i've uninstalled combofix and reinstalled norton and everything seems to be running fine now! i really can't thank you enough for all your time and patience, you have no idea how grateful i am! thanks SO much :thumbup2:

#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 20 June 2009 - 07:40 AM

Glad I could help. :thumbup2:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#15 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 07 July 2009 - 07:23 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



