Google gets redirected....moved from "Am I infected?"


  • This topic is locked
45 replies to this topic

#1 Roseannjohn

Posted 09 August 2009 - 10:30 PM

So...got moved from the "Am I infected?" area to here.

Problems:
1. When I try to open up certain programs, a screen comes up saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the items." This message comes up for programs that I have had no problem in opening three days ago.

2. I google something....Search results appear...I click on a link....some other website comes up instead. Go back to results page and try to click on the link again, same thing happens.

3. Can't run malware.

This is my prior topic link:
http://www.bleepingcomputer.com/forums/t/247626/spyware-trojans/

PLEASE HELP!!!

DDS log:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Rose at 22:15:05.67 on Sun 08/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.226 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Documents and Settings\Rose\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Monopod] c:\docume~1\rose\locals~1\temp\b.exe
uRun: [MalwareRemovalBot] c:\program files\malwareremovalbot\MalwareRemovalBot.exe -boot
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE QHM500LM USB PC Camera
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-8 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-8 25160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-6 207656]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-8-8 707152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-6 358736]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-14 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-6 605512]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-6 40488]
S1 dxgthkk;dxgthkk;c:\windows\system32\drivers\dxgthkk.sys --> c:\windows\system32\drivers\dxgthkk.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-6 144704]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\20.tmp --> c:\windows\system32\20.tmp [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-6 79240]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-6 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-6 34152]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2008-10-22 1041704]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2008-10-22 1213736]

=============== Created Last 30 ================

2009-08-09 21:39 --d----- c:\program files\Cobian Backup 8
2009-08-09 20:14 --d----- c:\program files\Cobian Backup 6
2009-08-09 15:54 130 a------- c:\windows\cfplogvw.INI
2009-08-08 21:38 --d----- c:\program files\Sophos
2009-08-08 20:38 0 a------- c:\windows\system32\setup_XP.ini
2009-08-08 15:20 --d----- c:\documents and settings\rose\DoctorWeb
2009-08-08 11:43 --d----- c:\program files\Blue Coat K9 Web Protection
2009-08-08 11:31 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-08-08 10:21 --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-08-08 10:21 179,792 a------- c:\windows\system32\guard32.dll
2009-08-08 10:21 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-08 10:21 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-08 10:21 --d----- c:\program files\COMODO
2009-08-07 14:48 --d----- c:\docume~1\rose\applic~1\Uniblue
2009-08-07 03:26 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-07 03:12 --d----- c:\windows\system32\XPSViewer
2009-08-07 03:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-07 03:10 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 03:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-07 03:10 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 03:10 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 03:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-07 03:10 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 03:10 --d----- C:\163fd2b960706263352e7d66209bd8
2009-08-07 03:09 --d----- c:\windows\SxsCaPendDel
2009-08-06 17:09 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 14:42 --d----- c:\docume~1\rose\applic~1\MalwareRemovalBot
2009-08-06 14:03 1,215,587 a------- c:\windows\system32\xa.tmp
2009-08-02 21:04 --dsh--- c:\documents and settings\rose\IECompatCache
2009-08-02 18:15 --d----- c:\windows\ie8updates
2009-08-02 09:44 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-02 09:44 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-02 09:44 --dsh--- c:\documents and settings\rose\PrivacIE
2009-08-02 09:37 --dsh--- c:\documents and settings\rose\IETldCache
2009-08-02 09:31 -cd-h--- c:\windows\ie8
2009-07-26 13:48 --d----- c:\windows\Cache
2009-07-26 13:48 --d----- c:\program files\Coupons
2009-07-22 10:41 40,960 a------- c:\windows\system32\lxctvs.dll
2009-07-22 10:41 335,872 a------- c:\windows\system32\lxctcoin.dll
2009-07-22 10:40 692,224 a------- c:\windows\system32\lxctdrs.dll
2009-07-22 10:40 65,536 a------- c:\windows\system32\lxctcaps.dll
2009-07-22 10:40 61,440 a------- c:\windows\system32\lxctcnv4.dll
2009-07-22 10:39 40,960 a------- c:\windows\system32\lxctpmon.dll
2009-07-22 10:39 32,768 a------- c:\windows\system32\LXCTFXPU.DLL
2009-07-22 10:39 12,288 a------- c:\windows\system32\lxctpmrc.dll
2009-07-22 10:37 --d----- c:\program files\Lexmark 5400 Series
2009-07-16 16:37 466,944 a------- c:\windows\system32\BSTIEPrintCtl1.dll

==================== Find3M ====================

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-15 20:44 33,808 ac------ c:\docume~1\rose\applic~1\GDIPFONTCACHEV1.DAT
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2006-10-15 20:47 1,297,984 ac------ c:\program files\ppttmpl1.exe
2005-11-06 11:05 1,014,477 ac------ c:\program files\wrar351.exe
2004-09-22 07:18 2,505,472 ac------ c:\program files\bsplayer100.812.exe
2004-09-17 17:49 7,680,064 ac------ c:\program files\DivX521XP2K.exe
2006-06-08 18:44 88 -c-shr-- c:\windows\system32\C1DD435738.sys
2008-11-08 09:32 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110820081109\index.dat

============= FINISH: 22:16:42.00 ===============



Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2006 12:57:08 PM
System Uptime: 8/9/2009 7:25:37 PM (3 hours ago)

Motherboard: Dell Inc. | | 0RJ272
Processor: Intel® Pentium® M processor 1.80GHz | Microprocessor | 1795/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 6.588 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 4.162 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP185: 8/6/2009 2:15:14 PM - System Checkpoint
RP186: 8/6/2009 2:15:15 PM - System Checkpoint
RP187: 8/6/2009 2:15:16 PM - Software Distribution Service 3.0
RP188: 8/6/2009 2:15:17 PM - System Checkpoint
RP189: 8/6/2009 2:15:18 PM - System Checkpoint
RP190: 8/6/2009 2:15:19 PM - System Checkpoint
RP191: 8/6/2009 2:15:20 PM - System Checkpoint
RP192: 8/6/2009 2:15:20 PM - System Checkpoint
RP193: 8/6/2009 2:15:21 PM - System Checkpoint
RP194: 8/6/2009 2:15:21 PM - System Checkpoint
RP195: 8/6/2009 2:15:22 PM - System Checkpoint
RP196: 8/6/2009 2:15:23 PM - System Checkpoint
RP197: 8/6/2009 2:15:24 PM - System Checkpoint
RP198: 8/6/2009 2:15:25 PM - System Checkpoint
RP199: 8/6/2009 2:15:26 PM - System Checkpoint
RP200: 8/6/2009 2:15:27 PM - Software Distribution Service 3.0
RP201: 6/12/2009 11:45:10 PM - System Checkpoint
RP202: 6/14/2009 12:34:28 AM - System Checkpoint
RP203: 6/15/2009 5:31:48 PM - System Checkpoint
RP204: 6/17/2009 8:23:35 PM - System Checkpoint
RP205: 6/19/2009 11:25:54 AM - System Checkpoint
RP206: 6/20/2009 12:35:50 PM - System Checkpoint
RP207: 6/28/2009 9:11:00 AM - System Checkpoint
RP208: 6/29/2009 11:01:01 AM - System Checkpoint
RP209: 7/11/2009 5:18:54 PM - System Checkpoint
RP210: 7/12/2009 11:49:35 PM - System Checkpoint
RP211: 7/14/2009 3:16:43 PM - System Checkpoint
RP212: 7/16/2009 9:39:58 AM - Software Distribution Service 3.0
RP213: 7/18/2009 6:07:57 PM - System Checkpoint
RP214: 7/21/2009 5:27:37 PM - System Checkpoint
RP215: 7/22/2009 10:39:55 AM - Printer Driver Fax Lexmark 5400 Series Printer Installed
RP216: 7/25/2009 10:58:13 AM - System Checkpoint
RP217: 7/26/2009 6:33:24 PM - System Checkpoint
RP218: 7/28/2009 9:45:03 AM - System Checkpoint
RP219: 7/29/2009 4:54:46 PM - Software Distribution Service 3.0
RP220: 8/2/2009 9:26:23 AM - Software Distribution Service 3.0
RP221: 8/2/2009 6:14:28 PM - Software Distribution Service 3.0
RP222: 8/3/2009 9:51:57 PM - System Checkpoint
RP223: 8/6/2009 2:42:06 PM - Installed MalwareRemovalBot
RP224: 8/6/2009 2:59:54 PM - Removed MalwareRemovalBot
RP225: 8/6/2009 5:12:16 PM - Restore Operation
RP226: 8/6/2009 5:22:29 PM - Restore Operation
RP227: 8/7/2009 3:00:33 AM - Software Distribution Service 3.0
RP228: 8/7/2009 3:36:02 AM - Printer Driver Microsoft XPS Document Writer Installed
RP229: 8/7/2009 10:56:14 AM - Software Distribution Service 3.0
RP230: 8/7/2009 11:31:55 AM - Installed SUPERAntiSpyware Free Edition
RP231: 8/7/2009 1:35:23 PM - bad restore
RP232: 8/7/2009 3:43:30 PM - Removed SUPERAntiSpyware Free Edition
RP233: 8/8/2009 9:45:21 AM - Software Distribution Service 3.0
RP234: 8/9/2009 6:44:42 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bee Dance
Blue Coat® K9 Web Protection 4.0.288
Broadcom Management Programs
CMP Grade 8
CMP Transformation Tool
Cobian Backup 8
COMODO Internet Security
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
DivX
DivX Player
DivX Web Player
ExamView ActiveX Control v2
ExamView Assessment Suite
FileASSASSIN
FunTools
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Image Analysis Tool
Intel® Graphics Media Accelerator Driver for Mobile
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 7
LessonView
Lexmark 5400 Series
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
McAfee SecurityCenter
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Notebook Software
Picasa 3
PowerDVD 5.5
QHM500LM USB PC Camera
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SMART Board Drivers
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sophos Anti-Rootkit 1.5.0
Statistics Tool
StatTools
Stretching and Shrinking
Synaptics Pointing Device Driver
TeacherEXPRESS: Grade 8 Connected Mathematics 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6d
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

8/8/2009 9:57:32 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
8/8/2009 9:45:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
8/8/2009 9:45:37 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2009 3:20:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/8/2009 3:19:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV bckd cmdGuard cmdHlp Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASKUTIL Tcpip WS2IFSL
8/8/2009 2:05:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SMART Board Service service to connect.
8/8/2009 12:43:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
8/8/2009 12:43:17 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2009 10:58:22 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
8/8/2009 10:19:30 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2009 8:56:04 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2009 3:43:59 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/7/2009 3:34:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
8/7/2009 3:34:18 PM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2009 3:34:18 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MskService with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}
8/7/2009 11:21:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
8/7/2009 11:13:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2009 11:13:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/7/2009 11:06:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
8/7/2009 11:05:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASKUTIL Tcpip WS2IFSL
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2009 9:17:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
8/6/2009 9:17:03 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

#2 extremeboy

  • Malware Response Team

Posted 19 August 2009 - 09:48 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



If you still require assistance post a new set of DDS Logs and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log please refer to this page and in step #6 there are instructions on downloading and running DDS. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

Then, please run RootRepeal:

Download and run RootRepeal CR

Please download RootRepeal to your desktop
Alternative Download Link 2
Alternative Download Link 3
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Unzip it to its own folder
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now click the Scan button in the Report Tab.
  • A box will pop up, check the boxes beside ALL Seven options/scan area
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Roseannjohn

Roseannjohn
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 19 August 2009 - 10:22 PM

thanks for finally getting to me!

by looking at this forum, i see a lot of ppl are having the same problem as me.

i just read this post, so tomorrow i will do as u say and post all logs.

Thanks again!

#4 Roseannjohn

Roseannjohn
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 20 August 2009 - 09:24 AM

DDS logs:

DDS

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rose at 22:15:05.67 on Sun 08/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.226 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Documents and Settings\Rose\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Monopod] c:\docume~1\rose\locals~1\temp\b.exe
uRun: [MalwareRemovalBot] c:\program files\malwareremovalbot\MalwareRemovalBot.exe -boot
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE QHM500LM USB PC Camera
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-8 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-8 25160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-6 207656]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-8-8 707152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-6 358736]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-14 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-6 605512]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-6 40488]
S1 dxgthkk;dxgthkk;c:\windows\system32\drivers\dxgthkk.sys --> c:\windows\system32\drivers\dxgthkk.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-6 144704]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\20.tmp --> c:\windows\system32\20.tmp [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-6 79240]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-6 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-6 34152]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2008-10-22 1041704]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2008-10-22 1213736]

=============== Created Last 30 ================

2009-08-09 21:39 <DIR> --d----- c:\program files\Cobian Backup 8
2009-08-09 20:14 <DIR> --d----- c:\program files\Cobian Backup 6
2009-08-09 15:54 130 a------- c:\windows\cfplogvw.INI
2009-08-08 21:38 <DIR> --d----- c:\program files\Sophos
2009-08-08 20:38 0 a------- c:\windows\system32\setup_XP.ini
2009-08-08 15:20 <DIR> --d----- c:\documents and settings\rose\DoctorWeb
2009-08-08 11:43 <DIR> --d----- c:\program files\Blue Coat K9 Web Protection
2009-08-08 11:31 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-08-08 10:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-08-08 10:21 179,792 a------- c:\windows\system32\guard32.dll
2009-08-08 10:21 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-08 10:21 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-08 10:21 <DIR> --d----- c:\program files\COMODO
2009-08-07 14:48 <DIR> --d----- c:\docume~1\rose\applic~1\Uniblue
2009-08-07 03:26 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-07 03:12 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-07 03:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-07 03:10 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 03:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-07 03:10 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 03:10 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 03:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-07 03:10 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 03:10 <DIR> --d----- C:\163fd2b960706263352e7d66209bd8
2009-08-07 03:09 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-06 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 14:42 <DIR> --d----- c:\docume~1\rose\applic~1\MalwareRemovalBot
2009-08-06 14:03 1,215,587 a------- c:\windows\system32\xa.tmp
2009-08-02 21:04 <DIR> --dsh--- c:\documents and settings\rose\IECompatCache
2009-08-02 18:15 <DIR> --d----- c:\windows\ie8updates
2009-08-02 09:44 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-02 09:44 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-02 09:44 <DIR> --dsh--- c:\documents and settings\rose\PrivacIE
2009-08-02 09:37 <DIR> --dsh--- c:\documents and settings\rose\IETldCache
2009-08-02 09:31 <DIR> -cd-h--- c:\windows\ie8
2009-07-26 13:48 <DIR> --d----- c:\windows\Cache
2009-07-26 13:48 <DIR> --d----- c:\program files\Coupons
2009-07-22 10:41 40,960 a------- c:\windows\system32\lxctvs.dll
2009-07-22 10:41 335,872 a------- c:\windows\system32\lxctcoin.dll
2009-07-22 10:40 692,224 a------- c:\windows\system32\lxctdrs.dll
2009-07-22 10:40 65,536 a------- c:\windows\system32\lxctcaps.dll
2009-07-22 10:40 61,440 a------- c:\windows\system32\lxctcnv4.dll
2009-07-22 10:39 40,960 a------- c:\windows\system32\lxctpmon.dll
2009-07-22 10:39 32,768 a------- c:\windows\system32\LXCTFXPU.DLL
2009-07-22 10:39 12,288 a------- c:\windows\system32\lxctpmrc.dll
2009-07-22 10:37 <DIR> --d----- c:\program files\Lexmark 5400 Series
2009-07-16 16:37 466,944 a------- c:\windows\system32\BSTIEPrintCtl1.dll

==================== Find3M ====================

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-15 20:44 33,808 ac------ c:\docume~1\rose\applic~1\GDIPFONTCACHEV1.DAT
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2006-10-15 20:47 1,297,984 ac------ c:\program files\ppttmpl1.exe
2005-11-06 11:05 1,014,477 ac------ c:\program files\wrar351.exe
2004-09-22 07:18 2,505,472 ac------ c:\program files\bsplayer100.812.exe
2004-09-17 17:49 7,680,064 ac------ c:\program files\DivX521XP2K.exe
2006-06-08 18:44 88 -c-shr-- c:\windows\system32\C1DD435738.sys
2008-11-08 09:32 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110820081109\index.dat

============= FINISH: 22:16:42.00 ===============



Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2006 12:57:08 PM
System Uptime: 8/9/2009 7:25:37 PM (3 hours ago)

Motherboard: Dell Inc. | | 0RJ272
Processor: Intel® Pentium® M processor 1.80GHz | Microprocessor | 1795/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 6.588 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 4.162 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP185: 8/6/2009 2:15:14 PM - System Checkpoint
RP186: 8/6/2009 2:15:15 PM - System Checkpoint
RP187: 8/6/2009 2:15:16 PM - Software Distribution Service 3.0
RP188: 8/6/2009 2:15:17 PM - System Checkpoint
RP189: 8/6/2009 2:15:18 PM - System Checkpoint
RP190: 8/6/2009 2:15:19 PM - System Checkpoint
RP191: 8/6/2009 2:15:20 PM - System Checkpoint
RP192: 8/6/2009 2:15:20 PM - System Checkpoint
RP193: 8/6/2009 2:15:21 PM - System Checkpoint
RP194: 8/6/2009 2:15:21 PM - System Checkpoint
RP195: 8/6/2009 2:15:22 PM - System Checkpoint
RP196: 8/6/2009 2:15:23 PM - System Checkpoint
RP197: 8/6/2009 2:15:24 PM - System Checkpoint
RP198: 8/6/2009 2:15:25 PM - System Checkpoint
RP199: 8/6/2009 2:15:26 PM - System Checkpoint
RP200: 8/6/2009 2:15:27 PM - Software Distribution Service 3.0
RP201: 6/12/2009 11:45:10 PM - System Checkpoint
RP202: 6/14/2009 12:34:28 AM - System Checkpoint
RP203: 6/15/2009 5:31:48 PM - System Checkpoint
RP204: 6/17/2009 8:23:35 PM - System Checkpoint
RP205: 6/19/2009 11:25:54 AM - System Checkpoint
RP206: 6/20/2009 12:35:50 PM - System Checkpoint
RP207: 6/28/2009 9:11:00 AM - System Checkpoint
RP208: 6/29/2009 11:01:01 AM - System Checkpoint
RP209: 7/11/2009 5:18:54 PM - System Checkpoint
RP210: 7/12/2009 11:49:35 PM - System Checkpoint
RP211: 7/14/2009 3:16:43 PM - System Checkpoint
RP212: 7/16/2009 9:39:58 AM - Software Distribution Service 3.0
RP213: 7/18/2009 6:07:57 PM - System Checkpoint
RP214: 7/21/2009 5:27:37 PM - System Checkpoint
RP215: 7/22/2009 10:39:55 AM - Printer Driver Fax Lexmark 5400 Series Printer Installed
RP216: 7/25/2009 10:58:13 AM - System Checkpoint
RP217: 7/26/2009 6:33:24 PM - System Checkpoint
RP218: 7/28/2009 9:45:03 AM - System Checkpoint
RP219: 7/29/2009 4:54:46 PM - Software Distribution Service 3.0
RP220: 8/2/2009 9:26:23 AM - Software Distribution Service 3.0
RP221: 8/2/2009 6:14:28 PM - Software Distribution Service 3.0
RP222: 8/3/2009 9:51:57 PM - System Checkpoint
RP223: 8/6/2009 2:42:06 PM - Installed MalwareRemovalBot
RP224: 8/6/2009 2:59:54 PM - Removed MalwareRemovalBot
RP225: 8/6/2009 5:12:16 PM - Restore Operation
RP226: 8/6/2009 5:22:29 PM - Restore Operation
RP227: 8/7/2009 3:00:33 AM - Software Distribution Service 3.0
RP228: 8/7/2009 3:36:02 AM - Printer Driver Microsoft XPS Document Writer Installed
RP229: 8/7/2009 10:56:14 AM - Software Distribution Service 3.0
RP230: 8/7/2009 11:31:55 AM - Installed SUPERAntiSpyware Free Edition
RP231: 8/7/2009 1:35:23 PM - bad restore
RP232: 8/7/2009 3:43:30 PM - Removed SUPERAntiSpyware Free Edition
RP233: 8/8/2009 9:45:21 AM - Software Distribution Service 3.0
RP234: 8/9/2009 6:44:42 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bee Dance
Blue Coat® K9 Web Protection 4.0.288
Broadcom Management Programs
CMP Grade 8
CMP Transformation Tool
Cobian Backup 8
COMODO Internet Security
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
DivX
DivX Player
DivX Web Player
ExamView ActiveX Control v2
ExamView Assessment Suite
FileASSASSIN
FunTools
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Image Analysis Tool
Intel® Graphics Media Accelerator Driver for Mobile
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 7
LessonView
Lexmark 5400 Series
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
McAfee SecurityCenter
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Notebook Software
Picasa 3
PowerDVD 5.5
QHM500LM USB PC Camera
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SMART Board Drivers
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sophos Anti-Rootkit 1.5.0
Statistics Tool
StatTools
Stretching and Shrinking
Synaptics Pointing Device Driver
TeacherEXPRESS: Grade 8 Connected Mathematics 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6d
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

8/8/2009 9:57:32 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
8/8/2009 9:45:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
8/8/2009 9:45:37 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2009 3:20:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/8/2009 3:19:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV bckd cmdGuard cmdHlp Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASKUTIL Tcpip WS2IFSL
8/8/2009 2:05:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SMART Board Service service to connect.
8/8/2009 12:43:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
8/8/2009 12:43:17 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2009 10:58:22 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
8/8/2009 10:19:30 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2009 8:56:04 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2009 3:43:59 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/7/2009 3:34:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
8/7/2009 3:34:18 PM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2009 3:34:18 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MskService with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}
8/7/2009 11:21:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
8/7/2009 11:13:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2009 11:13:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/7/2009 11:06:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
8/7/2009 11:05:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASKUTIL Tcpip WS2IFSL
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2009 11:04:50 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/6/2009 9:17:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
8/6/2009 9:17:03 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================



RepealScan
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/20 08:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6631000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xA916B000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xA9198000 Size: 61440 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\scecli.dll
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_qrme3lttaythelq
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\windows\temp\sqlite_1hp5qpop0xj5yny
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_9ih7wnoiae8qlso
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_msquwlokxsechng
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_rfrypsc3dbkebia
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_hchnzj47cpktcsn
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_iqc5dy8g0pnd4p5
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_0pj91e0aziftikz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_yb7ewkmoxyjjrmo
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_86yzqkuouvi87mu
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_8flrqmvqsctfbsx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_aqfifhrseihqpdm
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_c2yocb7odnwntr1
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_ixigoiuss01nswf
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\sfi.dat
Status: Locked to the Windows API!

Path: c:\documents and settings\rose\local settings\temp\~df44e4.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\rose\local settings\temp\~dfa18.tmp
Status: Allocation size mismatch (API: 262144, Raw: 16384)

Path: c:\documents and settings\rose\local settings\temp\~dfc32d.tmp
Status: Allocation size mismatch (API: 57344, Raw: 0)

Path: \\?\C:\Program Files\COMODO\COMODO Internet Security\Quarantine\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0148108.pif
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0148108.pif.info
Status: Invisible to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1af68

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a472

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1ab0c

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1b4e4

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a150

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1c1f0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1c4c8

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c19d16

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1b14e

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1b2fe

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c19a78

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1be72

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a6f6

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1ad50

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c197a8

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a986

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c19920

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1b8aa

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a26e

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1bc0e

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1c020

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1b6aa

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a690

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a87a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1a01a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c19ee8

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e2a4

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e9c8

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e3d8

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e888

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e518

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e64c

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e124

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1d376

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1ddf4

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e786

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1db62

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1dca4

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1d846

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1d0ae

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1d4f8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1d6a4

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1df44

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1da08

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1e03a

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1d21e

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1ea2e

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9c1ec62

==EOF==

#5 extremeboy

  • Malware Response Team

Posted 20 August 2009 - 11:35 AM

Hello.

Thanks for the logs.

You have a nasty infection here. Please do the following.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

---

We need to uninstall one of your security programs. You should NOT have 2 anti-virus software running at the same time.

2 Anti-virus/Firewall Programs Running Simultaneously Warning

I do not recommend that you have more than one anti virus or firewall product installed and running on your computer at a time. In addition to wasting resources, if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Comodo Internet Security or McAfee Security Center.

Please uninstall them until you are only running one antivirus using Add/Remove Programs if you are using XP or remove it via Programs and Features if you are using Vista.



Download and Run Win32KDiag

Please download Win32kDiag from one of the links below and save it to your desktop.

Link 1: http://rootrepeal.psikotick.com/Win32kDiag.exe
Link 2: http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe
Link 3: http://ad13.geekstogo.com/Win32kDiag.exe
  • Double-click on Win32kDiag.exe to run it. If you are using Windows Vista, please right-click and select Run As Administrator.
  • A black command prompt window shall appear.
  • It will now begin to scan. This may take a while, please be patient until the scan is complete.
  • Once it's done, in the black screen it will say "Finished! Press any key to exit....". Press any key to exit.
  • A log file called Win32KDiag.txt will be created on your desktop.
  • Please copy and paste the contents of that log file here in your next reply please.
We will start with Combofix. If Combofix doesn't work let me know, and we may have to deal with this "manually" with some other tools.

--

Download and Run Combofix

Download ComboFix from this location:

* IMPORTANT !!! Place it on your Desktop
  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Usually via a right click on the System Tray icon and selecting "disable".
  • Refer to this page if you are not sure how.
Disabling McAfee Security Center Properly

Open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
  • Close any open windows, including this one.

If you can't disable your security programs properly or it can not be disabled properly, you may wish to uninstall it and then re-install it afterwards once it's done.
  • Double-click on the Combofix file you just downloaded & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • If you do not have it installed, you will see the prompt below. Choose YES.
Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

For your next reply post back with:
-Win32kDiag log file
-Combofix log file


If you do have any problems, do not hesitate to post back here and let me know. In fact, please DO, post back here letting me know.

With Regards,
Extremeboy

Edited by extremeboy, 30 August 2009 - 11:41 AM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 Roseannjohn


Posted 20 August 2009 - 03:45 PM

I was trying to run win32kdiag.exe and this message came up:

"Cannot access: C:\WINDOWS\system32\drivers\sfi.dat"

What should I do now?

#7 extremeboy


Posted 20 August 2009 - 08:52 PM

Hello.

Did the scan complete however? You need to wait until the scan is complete. It may take up to 5 minutes sometimes.

After that's done, proceed with Combofix.

~Extremeboy

#8 Roseannjohn


Posted 20 August 2009 - 09:17 PM

I will try again.

#9 extremeboy


Posted 20 August 2009 - 09:24 PM

Sure.

Let me know how it goes.

~Extremeboy

#10 Roseannjohn


Posted 20 August 2009 - 09:51 PM

Still did not work.

Should I run combofix?

#11 extremeboy


Posted 20 August 2009 - 09:57 PM

Hello.

"still did not work."
What didn't work exactly? What happened? Please let me know in your next reply.

I would still like you to proceed with Combofix however:

Anyhow, please continue with the running of Combofix. Please follow the instructions EXACTLY as provided in my previous reply. Any problems/issues, please let me know.

With Regards,
Extremeboy

#12 extremeboy


Posted 24 August 2009 - 02:53 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#13 extremeboy


Posted 27 August 2009 - 03:43 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy

#14 extremeboy


Posted 29 August 2009 - 04:02 PM

Topic re-opened upon user's request.

~Extremeboy

#15 Roseannjohn


Posted 29 August 2009 - 10:55 PM

I tried three times to work combofix, but it won't work. The error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the items."

What should I do?



