cmd.exe problem. task mgr gone.


  • This topic is locked
2 replies to this topic

#1 nova9909

nova9909

  • Members
  • 1 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 11 October 2009 - 04:48 AM

Computer wouldn't boot. Fixed that w/ recovery console. Now getting an error "Cmd.exe in use by other program" and Task Mgr is non-existent. Researched online and found your site. Followed the tutorial running BFU, ComboFix, DDS, and RootRepeal. Task Mgr is back; however, I would like further guidance as to fixing this problem completely.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Mat at 12:26:09.06 on Sun 10/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.36 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\ctv63854.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Mat\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [mqlwindl] c:\windows\system32\lsprcxs.exe
uRun: [zmmclr] c:\windows\system32\ncmdds.exe
uRun: [wesspell] c:\windows\system32\qazbrnn.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {cafeefac-0016-0000-0015-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mat\applic~1\mozilla\firefox\profiles\8iuvutjx.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ncr
FF - component: c:\documents and settings\mat\application data\mozilla\firefox\profiles\8iuvutjx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\mat\application data\mozilla\firefox\profiles\8iuvutjx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsaidetect.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsaix.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 qrkis;TetherBerry Miniport;c:\windows\system32\drivers\qrkis.sys [2009-5-21 45608]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-9-10 457984]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\a-ff find and mount\slicedisk.sys --> c:\program files\a-ff find and mount\slicedisk.sys [?]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]
UnknownUnknown 1ba32988;1ba32988; [x]

=============== Created Last 30 ================

2009-10-11 12:15 <DIR> --d----- c:\program files\Trend Micro
2009-10-10 18:19 45,040 a--shr-- c:\windows\system32\qazbrnn .exe
2009-10-10 18:19 30,720 a------- c:\windows\system32\qazbrnn.exe
2009-10-10 18:19 45,036 a--shr-- c:\windows\system32\ncmdds .exe
2009-10-10 18:19 30,720 a------- c:\windows\system32\ncmdds.exe
2009-10-10 18:10 <DIR> acdshr-- C:\cmdcons
2009-10-10 18:05 16,384 a------- c:\documents and settings\mat\winsi.exe
2009-10-10 18:04 229,888 a------- c:\windows\PEV.exe
2009-10-10 18:04 161,792 a------- c:\windows\SWREG.exe
2009-10-10 18:04 98,816 a------- c:\windows\sed.exe
2009-10-10 07:54 <DIR> -cd----- C:\bintheredunthat
2009-10-10 07:46 <DIR> -cd----- C:\BFU
2009-10-10 02:13 <DIR> --d----- c:\windows\pss
2009-10-09 06:29 1,024 ac------ C:\fcysp.exe
2009-10-09 06:28 17,408 ac------ C:\jcpqbpox.exe
2009-10-09 06:28 9,216 ac------ C:\rbekc.exe
2009-10-09 06:23 9,216 ac------ C:\xcnq.exe
2009-10-09 06:23 6,144 ac------ C:\qvnvkmid.exe
2009-10-08 22:37 25,600 a------- c:\windows\system32\sfsp.cfo
2009-10-08 21:01 201,728 ac------ C:\mneoficc.exe
2009-10-08 07:24 116,736 ac------ C:\vjufxa.exe
2009-10-08 07:24 9,216 ac------ C:\fcgvf.exe
2009-10-08 07:24 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-10-08 07:24 109,056 ac------ C:\ikfturj.exe
2009-10-08 07:23 30,720 ac------ C:\ccpedw.exe
2009-10-08 07:23 195,201 ac------ C:\icsogi.exe
2009-10-08 07:23 30,720 a------- c:\windows\system32\lsprcxs.exe
2009-10-08 07:23 96,256 ac------ C:\ptlesdu.exe
2009-10-08 07:23 108,336 a------- c:\windows\system32\mswinsck.ocx
2009-10-08 07:23 163,840 ac------ C:\bb.exe
2009-10-08 07:23 92 ac------ C:\3866627.bat
2009-10-08 07:22 195,201 ac------ C:\fawbtymi.exe
2009-10-08 07:22 31,744 ac------ C:\dskgcpg.exe
2009-10-08 07:22 9,216 ac------ C:\pcqreok.exe
2009-10-08 07:22 30,720 a------- c:\documents and settings\mat\mdm.exe
2009-10-08 07:22 116,736 ac------ C:\tdgli.exe
2009-10-08 07:22 109,056 ac------ C:\vsvbgk.exe
2009-10-08 07:22 30,720 ac------ C:\eldyl.exe
2009-10-08 07:22 163,840 ac------ C:\aa.exe
2009-10-07 00:04 802,816 a------- c:\windows\system32\mdm.exe
2009-10-07 00:04 147,456 a------- c:\windows\system32\vbzip10.dll
2009-09-25 02:01 <DIR> --d----- c:\docume~1\mat\applic~1\FrostWire
2009-09-25 01:59 <DIR> --d----- c:\program files\FrostWire
2009-09-14 02:06 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 01:24 <DIR> --d----- c:\program files\Conduit

==================== Find3M ====================

2009-10-10 18:28 30,720 a------- c:\windows\system32\hkcmd.exe
2009-10-10 18:04 182,656 -c------ c:\windows\system32\drivers\ndis.sys
2009-10-10 11:03 30,720 a------- c:\windows\system32\igfxtray.exe
2009-10-08 10:34 14,336 -------- c:\windows\system32\svchost.exe
2009-09-10 03:15 13,132 a---h--- c:\windows\system32\mlfcache.dat
2009-08-20 23:51 230,432 ac------ C:\PA7302.DAT
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 12:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 12:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 22:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-04-10 18:52 256 ac------ c:\documents and settings\mat\pool.bin

============= FINISH: 12:26:42.56 ===============


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:01:12 AM

Posted 26 October 2009 - 02:12 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:01:12 AM

Posted 04 November 2009 - 01:26 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
