Possible Infection with CLB Rootkit


  • This topic is locked
21 replies to this topic

#1 Forgotten_One

Forgotten_One

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 17 July 2009 - 11:08 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/242072/i-am-receiving-error-0xc004d401-in-windows-vista/ ~ OB

OS: Windows Vista Home Basic, Service Pack 1
Anti-Virus: ESET NOD32 Antivirus
Firewall: Windows Defender

Like the topic title says, I am now receiving error 0xC004D401 in Vista. I'm certain this is the result of a virus, but I'm unaware which one, and it appears to be a very unsavory one. Specifically, it says

"Error: 0xC004D401
Description: The security processor reported a systemfile mismatch error."

Afterwards, I'm unable to continue in Windows Vista. I'm running everything through safe mode at the moment, including the network connection.

The following are things I've noticed that were added or changed since the infection.

1. I remember a bunch of pop-ups claiming that I've been infected and I clicked on a program to be downloaded before I canceled it. I don't think I canceled it in time.
2. The error came after I attempted to view a video.
3. There is now an executable file called net.net
4. A program called Advertisement Service has appeared in my Programs list.
5. I cannot search for anything anti-virus or anti-malware related.
6. I cannot run any anti-malware programs after bringing them to my laptop through a flash drive unless I rename the .exe
7. As I post this, an advertisement has just appeared on my desktop and after running its course, vanished.

Since then, I was able to remove net.net and Advertisement Service, but I'm still unable to run anything anti-virus or anti-malware related, or to search for them.

The following is the DDS log.


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by DKim at 10:33:10.63 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2038.1585 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Users\dkim\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.stlcop.edu
uDefault_Page_URL = hxxp://www.stlcop.edu
mDefault_Page_URL = hxxp://www.stlcop.edu
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
uRun: [Cognac] c:\users\dkim\appdata\local\temp\b.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: []
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SPC230NC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [SPC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [net] "c:\windows\system32\net.net"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\dkim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc230nc webcam\TrayMin230.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoPropertiesMyComputer = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = stlcop.local
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dkim\appdata\roaming\mozilla\firefox\profiles\d11y8btr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-2 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-5-10 35456]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2006-10-26 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-10-31 5632]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2007-7-20 1230088]
S2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2008-12-25 8576]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2008-12-25 461056]

=============== Created Last 30 ================

2009-07-16 10:07 --d----- c:\users\dkim\appdata\roaming\Malwarebytes
2009-07-16 10:05 --d----- c:\programdata\Malwarebytes
2009-07-16 10:05 --d----- c:\progra~2\Malwarebytes
2009-07-16 09:58 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 02:15 138,752 a------- c:\windows\msa.exe
2009-07-16 02:14 141,828 a------- c:\windows\system32\msxml71.dll
2009-07-16 02:13 110,977 a------- c:\windows\system32\net.net
2009-07-15 10:11 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 10:11 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 10:11 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 10:11 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-04 11:54 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-04 11:54 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-04 11:54 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-04 11:53 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-04 11:53 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-04 11:53 11,264 a------- c:\windows\system32\icardres.dll
2009-07-04 11:53 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-04 11:53 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-04 09:31 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-04 09:31 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-04 09:31 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-04 09:28 156,160 a------- c:\windows\system32\msls31.dll
2009-06-21 23:13 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-06-21 23:13 --d----- c:\program files\Hamachi

==================== Find3M ====================

2009-05-15 16:14 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-15 16:14 51,200 a------- c:\windows\inf\infpub.dat
2009-05-15 16:14 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 07:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 07:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 06:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-08-26 09:48 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:42 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-10-31 22:59 5,632 a------- c:\windows\inf\FUJ02E3.sys
2006-10-31 22:20 5,888 a------- c:\windows\inf\FUJ02B1.sys
2005-11-15 15:32 3,638 a----r-- c:\program files\common files\Altiris_Icon.ico

============= FINISH: 10:34:14.01 ===============

Edited by Orange Blossom, 17 July 2009 - 11:12 PM.
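The DDS log above is read by hand in this thread, but the reading a helper applies to it can be written down. The following script is an added example, not a tool from the thread, from BleepingComputer or from DDS itself: it parses the "Pseudo HJT Report" and "Created Last 30" sections, then cross-references them, so that an autostart entry whose target was created in the last 30 days (msxml71.dll, net.net), an entry loading from a temp directory (b.exe), a loader target with a non-executable extension (net.net), a loose executable directly in c:\windows (msa.exe) and the policy values that switch off UAC and the registry editor all come out as findings. The sample lines are constructed from the values in the posted log; the table of weak policy values and the list of expected extensions are the script's own assumptions, not part of the DDS format.

```python
import ntpath
import re

# Constructed sample: lines copied in shape from the DDS log posted above
# (paths, policy values and timestamps are the ones that log shows), with a
# few benign entries left in so the checks have something to pass over.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
uRun: [Cognac] c:\users\dkim\appdata\local\temp\b.exe
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: []
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [net] "c:\windows\system32\net.net"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

=============== Created Last 30 ================

2009-07-16 10:07 --d----- c:\users\dkim\appdata\roaming\Malwarebytes
2009-07-16 02:15 138,752 a------- c:\windows\msa.exe
2009-07-16 02:14 141,828 a------- c:\windows\system32\msxml71.dll
2009-07-16 02:13 110,977 a------- c:\windows\system32\net.net
2009-07-15 10:11 289,792 a------- c:\windows\system32\atmfd.dll

==================== Find3M ====================

2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
"""

# Assumed table (not from DDS): policy values that blunt the user's ability to
# respond. The first four are exactly what the posted log shows.
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "admin elevation without any prompt",
    ("PromptOnSecureDesktop", "0"): "UAC prompts taken off the secure desktop",
    ("DisableRegistryTools", "1"): "registry editor blocked for the user",
    ("DisableTaskMgr", "1"): "Task Manager blocked for the user",
}
EXPECTED_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll", ".cpl"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[([^\]]*)\]\s*(.*)$")
BHO_RE = re.compile(r"^BHO: (.+?): (\{[0-9a-f-]+\}) - (.+)$", re.I)
POLICY_RE = re.compile(r"^[um]Policies-\w+: (\w+) = (-?\d+) \(0x[0-9a-f]+\)$", re.I)
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:<DIR>\s+)?(?:([\d,]+)\s+)?([-a-z]{8})\s+(.+)$", re.I)


def run_target(value):
    """Strip quotes and trailing switches (/logon, -run) from a Run value."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return re.split(r"\s+[/-]", value, maxsplit=1)[0]


def parse_dds(text):
    """One sweep over the log, keyed by the section header each line falls under."""
    section, autoruns, policies, created = None, [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
        elif section == "pseudo hjt report":
            if (m := RUN_RE.match(line)) and m.group(3):
                autoruns.append((m.group(1), m.group(2), run_target(m.group(3))))
            elif (m := BHO_RE.match(line)):
                autoruns.append(("BHO", m.group(1), m.group(3).strip()))
            elif (m := POLICY_RE.match(line)):
                policies.append((m.group(1), m.group(2)))
        elif section == "created last 30":
            if (m := CREATED_RE.match(line)) and m.group(2):  # files only, not dirs
                created[m.group(4).strip().lower()] = m.group(1)
    return autoruns, policies, created


def triage(text):
    """Return (kind, evidence, why) findings; an empty list means nothing stood out."""
    autoruns, policies, created = parse_dds(text)
    findings = []
    for key, value in policies:
        if (key, value) in WEAK_POLICIES:
            findings.append(("weak-policy", f"{key}={value}", WEAK_POLICIES[(key, value)]))
    for kind, name, target in autoruns:
        low, ext = target.lower(), ntpath.splitext(target)[1].lower()
        evidence = f"{kind} [{name}] {target}"
        if ext not in EXPECTED_EXT:
            findings.append(("odd-extension", evidence, f"loader target ends in {ext or '(none)'}"))
        if "\\temp\\" in low:
            findings.append(("temp-autorun", evidence, "autostart entry points into a temp directory"))
        if low in created:
            findings.append(("recent-autorun", evidence, f"autostart target was created {created[low]}"))
    for path, when in created.items():
        # Patches land in system32 and servicing subdirectories; a loose
        # executable directly in c:\windows at the hour of the incident is worth a look.
        if ntpath.dirname(path) == "c:\\windows" and ntpath.splitext(path)[1] in {".exe", ".dll", ".sys"}:
            findings.append(("loose-in-windows", path, f"executable created {when} in the Windows root"))
    return findings


if __name__ == "__main__":
    for kind, evidence, why in triage(SAMPLE_DDS):
        print(f"{kind:17} {why}: {evidence}")
```

Run it against a complete DDS log by passing the file's text to `triage()`. The heuristics are deliberately coarse: a legitimate vendor updater can trip the "recent-autorun" check, so each finding is a pointer for a human reader, not a verdict.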



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:15 PM

Posted 28 July 2009 - 08:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 28 July 2009 - 09:50 AM

Currently, I need to boot into Safe Mode and run Malwarebytes Anti-Malware first. If I fail to do so, Windows Vista fails to recognize my copy and kicks me off if I boot normally. After running Malwarebytes, I can boot normally.

I've used ATFCleaner and Super Antispyware. Rootrepeal was used as well, where boopme saw the file in question but was unable to help me any further, which is why I'm here.


DDS (Ver_09-06-26.01) - NTFSx86
Run by DKim at 9:43:59.75 on Tue 07/28/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2038.988 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\msiexec.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\Philips\SPC230NC\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\dkim\Desktop\dds.scr
C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AexInvSoln.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.stlcop.edu
uDefault_Page_URL = hxxp://www.stlcop.edu
mDefault_Page_URL = hxxp://www.stlcop.edu
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [<NO NAME>]
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SPC230NC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [SPC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
StartupFolder: c:\users\dkim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc230nc webcam\TrayMin230.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = stlcop.local
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dkim\appdata\roaming\mozilla\firefox\profiles\d11y8btr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-2 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-5-10 35456]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2007-7-20 1230088]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2006-10-26 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-10-31 5632]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
RUnknown blbknkn;blbknkn; [x]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2008-12-25 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2008-12-25 461056]

=============== Created Last 30 ================

2009-07-16 15:08 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-16 15:08 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-16 15:07 <DIR> --d----- c:\users\dkim\appdata\roaming\SUPERAntiSpyware.com
2009-07-16 15:07 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-16 12:31 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 12:31 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-16 10:07 <DIR> --d----- c:\users\dkim\appdata\roaming\Malwarebytes
2009-07-16 10:05 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-16 10:05 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-16 09:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 10:11 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 10:11 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 10:11 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 10:11 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-04 11:54 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-04 11:54 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-04 11:54 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-04 11:53 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-04 11:53 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-04 11:53 11,264 a------- c:\windows\system32\icardres.dll
2009-07-04 11:53 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-04 11:53 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-04 09:31 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-04 09:31 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-04 09:31 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-04 09:28 156,160 a------- c:\windows\system32\msls31.dll

==================== Find3M ====================

2009-06-21 23:13 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-05-15 16:14 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-15 16:14 51,200 a------- c:\windows\inf\infpub.dat
2009-05-15 16:14 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2008-08-26 09:48 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:42 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-10-31 22:59 5,632 a------- c:\windows\inf\FUJ02E3.sys
2006-10-31 22:20 5,888 a------- c:\windows\inf\FUJ02B1.sys
2005-11-15 15:32 3,638 a----r-- c:\program files\common files\Altiris_Icon.ico

============= FINISH: 9:44:22.88 ===============


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 29 July 2009 - 12:17 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[Screenshots of the rename step]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 29 July 2009 - 09:25 PM

I cannot disable ESET NOD32 Antivirus. It requests a password, which I do not know because the laptop was provided by my school.

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 29 July 2009 - 11:43 PM

Run ComboFix in Safe Mode if possible, if not, just run ComboFix please :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 30 July 2009 - 12:25 AM

ComboFix 09-07-29.03 - DKim 07/30/2009 0:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2038.1310 [GMT -5:00]
Running from: c:\users\dkim\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2198937214-1497671618-1462749380-500
c:\$recycle.bin\S-1-5-21-463028273-241539347-3024745504-500
c:\windows\system32\drivers\UAChyqtrpnnorxeqfupp.sys
c:\windows\system32\UACaprcvcmjxppxfunct.dll
c:\windows\system32\UACcuwtslbphnrfovwsi.dll
c:\windows\system32\UACenqniridfufsxxeuv.dll
c:\windows\system32\UAChnfhfoxwsypvfvmtx.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqjxwrarpystobbvwi.dll
c:\windows\system32\UACvrcofywtbmtcnhosx.dat
c:\windows\system32\UACysgjewjciemiwqkdb.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 05:09 . 2009-07-30 05:09 -------- d-----w- c:\users\DS.STLCOPNT\AppData\Local\temp
2009-07-16 20:08 . 2009-07-16 20:08 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-07-16 20:07 . 2009-07-16 20:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-16 17:31 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 17:31 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 15:05 . 2009-07-16 15:05 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-16 14:58 . 2009-07-16 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 15:11 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 15:11 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 15:11 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 15:11 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-04 16:54 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-04 16:54 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-04 16:53 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-04 16:53 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-04 16:53 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-04 16:53 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-04 16:53 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-04 14:31 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-04 14:31 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-04 14:31 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-04 14:28 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 22:47 . 2008-08-26 20:39 -------- d-----w- c:\program files\Trillian
2009-07-16 19:40 . 2008-07-01 16:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-15 15:24 . 2008-07-01 16:18 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-04 17:05 . 2008-07-01 16:21 -------- d-----w- c:\program files\Microsoft Works
2009-06-22 04:14 . 2009-06-22 04:13 -------- d-----w- c:\program files\Hamachi
2009-06-22 04:13 . 2009-06-22 04:13 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-13 19:53 . 2008-08-26 15:34 -------- d-----w- c:\program files\Starcraft
2009-05-09 05:50 . 2009-07-04 14:30 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-07-04 14:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2005-11-15 20:32 . 2005-11-15 20:32 3638 ----a-r- c:\program files\Common Files\Altiris_Icon.ico
2009-06-13 14:24 . 2008-09-02 13:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2007-03-28 143360]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2007-03-13 20480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-22 827392]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-19 4702208]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2008-12-25 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DefaultLogonDomain"= stlcop.local

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162508061-1999852495-692992123-20681\Scripts\Logon\0\0]
"Script"=Unified Logon rev7.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162508061-1999852495-692992123-20681\Scripts\Logon\0\1]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162508061-1999852495-692992123-23995\Scripts\Logon\0\0]
"Script"=Unified Logon rev5.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162508061-1999852495-692992123-26282\Scripts\Logon\0\0]
"Script"=Unified Logon rev6.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162508061-1999852495-692992123-26282\Scripts\Logon\0\1]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA508884-8E79-4DFB-9198-142C6B547F68}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{048F0C27-6B91-4F15-86B5-6BB44A06536E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5EF26BBE-4BCB-47FE-B637-4C1A6A6EC5DA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5EAA7A2D-9FDC-45F6-BC13-79DA5BA2ED7A}"= UDP:c:\program files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{1A930B25-50E4-4CA6-BAEB-196AF99ADBEA}"= TCP:c:\program files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"TCP Query User{FDBCFC7E-9FAB-4138-81AE-9DD2D36EE49D}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{9918EF7D-3D00-45DF-8A20-381B84096B0D}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{C7827F83-78D0-4D01-8397-DCB85E535D4A}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{B89B4564-F6DE-48E6-9914-387F67801D64}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{B5BAFCFE-7EDB-4F4B-BABE-B02D29ABE6CF}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{CDA09F11-7A93-45F8-81B9-4559F542C34C}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"{3BBAA788-7255-4ABB-B4CE-067C3ECD6138}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{B95613D3-E191-437C-B526-8575FE40A175}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{06E1117E-8E1B-4C8B-9A30-41994CC397CE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{5B8DC2DB-71A1-4CD2-9AFB-9C26A322DD7C}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{1772B4B1-6CBE-49E5-AEFF-2FDCBE8E5116}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{EDF307D5-A0C0-4805-96F7-42F4C227D47E}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{2BC055E3-448F-4C9E-985F-CE60FEEC6B6B}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{7F1E0C59-50F9-4412-A649-5CC0AEBEE12A}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{DAA8648D-65CB-401B-9AB3-E5610DAAE6D1}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{2628A944-6541-45AD-A4BC-950F162192D3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"TCP Query User{33897794-E1D6-4217-BBD2-021832CE14D4}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{E0C9F2FE-49C5-4E91-B095-7E9CDDBDAC10}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{3CD26116-80AB-4088-BC6C-F2E67F6B71EE}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{CC40C6FE-FD46-4D7F-9CAF-EDCB5ABB0FDF}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"{15304320-6AC7-4EDA-B678-8B1322484A4D}"= TCP:2302:Civilization 4 - Direct IP Connection 1
"{79E7F561-A177-48AC-93D5-804BB074E228}"= TCP:13139:Civilization 4 - Direct IP Connection 2
"{BA629F65-9802-4BE9-AD49-CCAE4764E615}"= TCP:6500:Civilization 4 - Direct IP Connection 3
"TCP Query User{42430CDA-A64A-47F6-A12B-2D1F53653AF1}c:\\program files\\hasbro interactive\\rollercoaster tycoon\\rct.exe"= UDP:c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe:rct
"UDP Query User{B87660E3-D9E2-4394-8622-063AE45920F6}c:\\program files\\hasbro interactive\\rollercoaster tycoon\\rct.exe"= TCP:c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe:rct
"TCP Query User{9C5978F0-6BAC-41A9-AC31-C8CA9A4B5829}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D57BED2A-FB95-4F6A-9686-0520A01E7DDA}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{346978DC-4C42-4D71-8E6C-B0ED9F5367B3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1DEFE79C-6840-4E3D-945C-B153E512395D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CADF37E0-B4DB-453F-A962-B97F8B84CD15}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{624D68F4-BD51-444A-9B61-F6C5D23FB30E}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{6CCE5078-D1C3-4009-8254-899748DE994D}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{9D125F83-58B6-458E-BC39-D8089919FFA1}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{FA86DE61-5559-4ADB-81B5-71B3CAB6D587}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{1FCADFF6-6050-4678-AA00-C9D9CC602929}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{37B50B55-4FE1-4CEB-83D0-832EF4BEC484}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{5A877A31-49A3-46B3-A69F-C808449AF649}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{0D706EB6-B83D-45D3-86F4-C090E32085DE}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{44EE72A8-0066-4075-AEB1-9B330FE0BCD9}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"TCP Query User{43BBE3A0-57A5-425A-9BFC-4C0E6AF14008}c:\\program files\\2k games\\firaxis games\\sid meier's civilization 4 gold\\beyond the sword\\civ4beyondsword.exe"= UDP:c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"UDP Query User{3B885E6A-8266-4120-888D-4B9540C09D2D}c:\\program files\\2k games\\firaxis games\\sid meier's civilization 4 gold\\beyond the sword\\civ4beyondsword.exe"= TCP:c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe:Sid Meier's Civilization 4 : Beyond The Sword
"TCP Query User{D73D84C2-C714-40EF-99D2-7E459EFE3461}c:\\program files\\2k games\\firaxis games\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= UDP:c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"UDP Query User{1A004362-431E-45E3-B524-506185A96233}c:\\program files\\2k games\\firaxis games\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= TCP:c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"TCP Query User{A6E79E4B-F657-4D42-8027-933857284265}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{65CFE58C-E72C-4466-8CB2-5584703E1696}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{5DBB24D8-9B97-4379-A289-9E5EFCCF5165}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{6982C3D3-0DE1-4317-B58C-1F836BFDCAA4}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-02 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-10 35456]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\Dagent\dagent.exe [2008-12-23 1230088]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2006-10-26 18944]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stlcop.edu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\dkim\AppData\Roaming\Mozilla\Firefox\Profiles\d11y8btr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 00:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\windows\System32\o2flash.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2009-07-30 0:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 05:22

Pre-Run: 22,979,325,952 bytes free
Post-Run: 23,004,213,248 bytes free

254 --- E O F --- 2009-07-15 15:25

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 30 July 2009 - 08:51 AM

I see the computer has Malwarebytes' Anti-Malware.. Please update it >> Do a full scan >> remove all threats >> Post the log here :thumbup2:

Then do below..

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts

Posted 30 July 2009 - 08:31 PM

The computer appears to be running much better now. My Internet Explorer still asks if I want to open the tabs when my last session unexpectedly ended, and I fear it's going to lead back to the website that started this mess. Will it always ask that?

Malwarebytes' Anti-Malware 1.39
Database version: 2530
Windows 6.0.6001 Service Pack 1

7/30/2009 11:54:22 AM
mbam-log-2009-07-30 (11-54-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 242234
Time elapsed: 1 hour(s), 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\UAChnfhfoxwsypvfvmtx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=00c235a0d2445d46a53b74057046160f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-30 06:11:07
# local_time=2009-07-30 01:11:07 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5889 61 66 100 480952802939705
# compatibility_mode=8196 61 100 100 43203076000
# scanned=153916
# found=0
# cleaned=0
# scan_time=3535
# nod_component=V3 Build:0x30000000

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 30 July 2009 - 11:05 PM

My Internet Explorer still asks if I want to open the tabs when my last session unexpectedly ended,


Just choose "No" and continue to surf safely.. I prefer Mozilla Firefox by the way :thumbup2:

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512



#11 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts

Posted 30 July 2009 - 11:46 PM

I can't run OTC because my computer crashed during the reboot.

Actually, my computer has started crashing frequently. I had six crashes in the past two hours. I'm not quite sure why. I downloaded Starter in order to organize my startup programs, but my computer crashed upon unzipping the file. After I did a hard reset and reopened the folder where the file is located, it crashed again. I rebooted into Safe Mode and deleted the files. I then entered my Programs folder in order to uninstall a few programs, and my computer crashed again.

Right now, I'm checking Task Manager and I'm seeing ESET is taking 100% of my CPU processing. I believe it is running an active scan that is scheduled every Thursday. Is it the reason I'm crashing, because I'm demanding too much performance from my computer at the moment?

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 31 July 2009 - 05:24 AM

Crash? Does it produce any error?.. Can you give me your PC specifications? Such as RAM, processor, hard disk, etc..



#13 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts

Posted 31 July 2009 - 09:03 AM

I guess crashing isn't the right term. Rather, I think my computer keeps freezing. No error message appeared, but when I noticed my computer remained at the same screen for twenty minutes (even the clock didn't move), I decided to perform a hard reset.

Processor: Intel® Core™2 Duo CPU T8300 @ 2.40 GHz
Total RAM: 2 GB
Available RAM: 1.05 GB
Total Hard Disk: 93.1 GB
Available Hard Disk: 35 GB

Edited by Forgotten_One, 31 July 2009 - 09:10 AM.


#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 31 July 2009 - 09:38 AM

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



#15 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts

Posted 31 July 2009 - 08:45 PM

I attempted to run RSIT.

It gave me the following error during "Performing Registry Dump":

Line -1
Error: Subscript used with non-Array variable
