Removing "Windows -No Disk, Exception Processing Message c0000013 Parameters 75b6bf7c"



#1 Techguy53


Posted 27 April 2010 - 12:58 PM

Hi. I am having a problem removing "Windows -No Disk, Exception Processing Message c0000013 Parameters 75b6bf7c" from my PC. I ran ComboFix and have the log for it... what do I do next? Thanks.

ComboFix 10-04-26.02 - Hussain Muhammad 04/26/2010 22:16:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1208 [GMT -4:00]
Running from: h:\documents and settings\Hussain Muhammad\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\docume~1\HUSSAI~1\LOCALS~1\Temp\install_flash_player.exe
H:\setup.exe
h:\windows\system32\Cache
h:\windows\TEMP\logishrd\LVPrcInj01.dll
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 00:43 . 2010-04-27 00:43 -------- d-----w- h:\program files\ESET
2010-04-26 02:49 . 2010-04-27 00:31 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\HPAppData
2010-04-26 02:38 . 2010-04-26 02:38 -------- d-----w- h:\documents and settings\All Users\Application Data\WEBREG
2010-04-26 02:01 . 2010-04-26 02:38 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\HP
2010-04-26 02:00 . 2008-10-28 10:27 16496 ----a-r- h:\windows\system32\drivers\HPZipr12.sys
2010-04-26 02:00 . 2008-10-28 10:27 49920 ----a-r- h:\windows\system32\drivers\HPZid412.sys
2010-04-26 02:00 . 2009-04-16 18:08 123904 ----a-w- h:\windows\system32\hpf3l70v.dll
2010-04-26 02:00 . 2009-04-16 18:08 312832 ----a-w- h:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-04-26 02:00 . 2009-04-15 21:53 452408 ----a-r- h:\windows\system32\hpzids01.dll
2010-04-26 02:00 . 2008-10-28 10:27 21568 ----a-r- h:\windows\system32\drivers\HPZius12.sys
2010-04-26 01:59 . 2009-02-10 20:03 966656 ----a-r- h:\windows\system32\hpost_p02c.dll
2010-04-26 01:59 . 2009-02-10 20:03 712704 ----a-r- h:\windows\system32\hposwia_p02c.dll
2010-04-26 01:59 . 2009-02-10 20:03 315392 ----a-r- h:\windows\system32\hposc_p02a.dll
2010-04-26 01:59 . 2008-10-28 10:27 372736 ----a-r- h:\windows\system32\hppldcoi.dll
2010-04-26 01:59 . 2008-10-28 10:27 309760 ----a-r- h:\windows\system32\difxapi.dll
2010-04-26 01:51 . 2010-04-26 01:51 -------- d-----w- h:\documents and settings\All Users\Application Data\HP Product Assistant
2010-04-26 01:51 . 2010-04-26 01:51 -------- d-----w- h:\program files\Common Files\HP
2010-04-26 01:51 . 2010-04-26 01:51 -------- d-----w- h:\program files\Common Files\Hewlett-Packard
2010-04-26 01:50 . 2010-04-26 02:01 -------- d-----w- h:\documents and settings\All Users\Application Data\HP
2010-04-26 01:49 . 2008-04-13 17:45 15104 -c--a-w- h:\windows\system32\dllcache\usbscan.sys
2010-04-26 01:49 . 2008-04-13 17:45 15104 ----a-w- h:\windows\system32\drivers\usbscan.sys
2010-04-26 01:49 . 2008-04-13 17:47 25856 -c--a-w- h:\windows\system32\dllcache\usbprint.sys
2010-04-26 01:49 . 2008-04-13 17:47 25856 ----a-w- h:\windows\system32\drivers\usbprint.sys
2010-04-26 01:41 . 2010-04-26 03:03 192543 ----a-w- h:\windows\hpoins43.dat
2010-04-26 01:41 . 2009-06-11 10:34 675 ------w- h:\windows\hpomdl43.dat
2010-04-24 03:07 . 2010-04-24 03:07 -------- d-----w- h:\program files\Safari
2010-04-20 14:41 . 2010-04-20 14:41 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\Facebook
2010-04-19 23:28 . 2010-04-19 23:28 -------- d-----w- h:\program files\Citrix
2010-04-19 23:28 . 2010-04-19 23:28 72080 ----a-w- h:\documents and settings\Hussain Muhammad\g2mdlhlpx.exe
2010-04-16 01:42 . 1998-10-29 20:45 306688 ----a-w- h:\windows\IsUninst.exe
2010-04-16 01:42 . 2010-04-26 01:53 -------- d-----w- h:\program files\HP
2010-04-14 05:09 . 2010-03-05 18:45 456704 -c----w- h:\windows\system32\dllcache\smtpsvc.dll
2010-04-11 19:08 . 2010-04-11 19:08 664 ----a-w- h:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 02:26 . 2010-02-18 21:24 -------- d-----w- h:\program files\Common Files\Akamai
2010-04-27 02:26 . 2010-02-18 00:46 0 ----a-w- h:\windows\system32\drivers\lvuvc.hs
2010-04-27 02:26 . 2010-02-18 00:41 0 ----a-w- h:\windows\system32\drivers\logiflt.iad
2010-04-27 02:23 . 2010-03-04 17:20 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\Skype
2010-04-27 00:36 . 2010-03-04 17:21 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\skypePM
2010-04-26 02:01 . 2010-02-17 20:21 116368 ----a-w- h:\documents and settings\Hussain Muhammad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-24 03:10 . 2010-02-18 02:09 -------- d-----w- h:\program files\QuickTime
2010-04-24 03:05 . 2010-04-24 03:05 79144 ----a-w- h:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-24 02:44 . 2010-04-24 02:44 503808 ----a-w- h:\documents and settings\Lisa Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e88b55f-n\msvcp71.dll
2010-04-24 02:44 . 2010-04-24 02:44 499712 ----a-w- h:\documents and settings\Lisa Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e88b55f-n\jmc.dll
2010-04-24 02:44 . 2010-04-24 02:44 61440 ----a-w- h:\documents and settings\Lisa Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b7b19e1-n\decora-sse.dll
2010-04-24 02:44 . 2010-04-24 02:44 348160 ----a-w- h:\documents and settings\Lisa Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e88b55f-n\msvcr71.dll
2010-04-24 02:44 . 2010-04-24 02:44 12800 ----a-w- h:\documents and settings\Lisa Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b7b19e1-n\decora-d3d.dll
2010-04-20 14:41 . 2010-04-20 14:41 50354 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Facebook\uninstall.exe
2010-03-30 18:18 . 2010-02-18 00:11 -------- d-----w- h:\program files\Common Files\Java
2010-03-30 18:17 . 2010-03-30 18:17 61440 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7ce14b93-n\decora-sse.dll
2010-03-30 18:17 . 2010-03-30 18:17 503808 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7813c545-n\msvcp71.dll
2010-03-30 18:17 . 2010-03-30 18:17 499712 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7813c545-n\jmc.dll
2010-03-30 18:17 . 2010-03-30 18:17 348160 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7813c545-n\msvcr71.dll
2010-03-30 18:17 . 2010-03-30 18:17 12800 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7ce14b93-n\decora-d3d.dll
2010-03-30 18:17 . 2010-02-18 00:11 -------- d-----w- h:\program files\Java
2010-03-22 00:13 . 2010-03-22 00:13 -------- d-----w- h:\program files\TomTom DesktopSuite
2010-03-15 23:54 . 2010-03-15 23:54 -------- d-----w- h:\documents and settings\All Users\Application Data\TomTom
2010-03-15 23:50 . 2010-03-15 23:50 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\TomTom
2010-03-15 23:50 . 2010-03-15 23:50 -------- d-----w- h:\program files\TomTom International B.V
2010-03-15 23:50 . 2010-03-15 23:50 -------- d-----w- h:\program files\TomTom HOME 2
2010-03-12 14:04 . 2010-03-12 14:04 -------- d-----w- h:\program files\Microsoft Office Outlook Connector
2010-03-12 14:04 . 2010-02-21 03:23 -------- d-----w- h:\program files\MSECache
2010-03-12 02:54 . 2010-03-12 02:54 -------- d-----w- h:\program files\Common Files\Palo Alto Software
2010-03-12 02:54 . 2010-03-12 02:54 -------- d-----w- h:\program files\Palo Alto Software
2010-03-10 06:15 . 2004-08-04 04:56 420352 ----a-w- h:\windows\system32\vbscript.dll
2010-03-09 08:28 . 2010-02-20 15:59 411368 ----a-w- h:\windows\system32\deploytk.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-05 12:13 . 2010-03-05 12:11 -------- d-----w- h:\documents and settings\Michel'le Herder\Application Data\Skype
2010-03-04 17:21 . 2010-03-04 17:21 56 ---ha-w- h:\windows\system32\ezsidmv.dat
2010-03-04 17:20 . 2010-03-04 17:20 -------- d-----r- h:\program files\Skype
2010-03-04 17:20 . 2010-03-04 17:20 -------- d-----w- h:\program files\Common Files\Skype
2010-03-04 17:20 . 2010-03-04 17:20 -------- d-----w- h:\documents and settings\All Users\Application Data\Skype
2010-03-04 04:39 . 2010-03-04 04:39 -------- d-----w- h:\documents and settings\NetworkService\Application Data\McAfee
2010-03-03 21:45 . 2010-03-03 21:45 -------- d-----w- h:\documents and settings\Hussain Muhammad\Application Data\Apple Computer
2010-03-03 14:06 . 2010-03-03 14:06 115984 ----a-w- h:\documents and settings\Lisa Muhammad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 08:06 . 2010-03-03 08:06 115984 ----a-w- h:\documents and settings\Michel'le Herder\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 07:07 . 2010-03-03 07:07 10134 ----a-r- h:\documents and settings\Hussain Muhammad\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-03-03 07:07 . 2010-03-03 07:07 -------- d-----w- h:\program files\Microsoft WSE
2010-03-03 06:54 . 2010-03-03 06:54 -------- d-----w- h:\program files\Electronic Arts
2010-03-03 06:53 . 2010-02-17 21:58 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-02-25 06:24 . 2004-08-04 04:56 916480 ----a-w- h:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 03:15 455680 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
2010-02-20 15:58 . 2010-02-20 15:58 152576 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-20 15:58 . 2010-02-20 15:58 79488 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-20 00:16 . 2010-03-03 04:20 38784 ----a-w- h:\documents and settings\Michel'le Herder\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 00:16 . 2010-02-23 02:46 38784 ----a-w- h:\documents and settings\Lisa Muhammad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 00:16 . 2010-02-20 00:16 38784 ----a-w- h:\documents and settings\Hussain Muhammad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 00:16 . 2010-02-20 00:16 38784 ----a-w- h:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 00:16 . 2010-02-20 00:16 86016 ----a-w- h:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-19 14:55 . 2010-02-17 20:15 86327 ----a-w- h:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-18 01:11 . 2010-02-18 01:12 737280 ----a-w- h:\windows\iun6002.exe
2010-02-18 00:45 . 2010-02-18 00:45 127034 ------r- h:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-02-18 00:28 . 2010-02-18 00:28 0 ----a-w- h:\windows\nsreg.dat
2010-02-17 21:58 . 2010-02-17 21:58 21035 ----a-w- h:\windows\system32\drivers\AegisP.sys
2010-02-17 20:13 . 2010-02-17 20:13 21640 ----a-w- h:\windows\system32\emptyregdb.dat
2010-02-16 14:08 . 2004-08-04 03:18 2146304 ----a-w- h:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- h:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 04:56 100864 ----a-w- h:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 03:07 226880 ----a-w- h:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 16:16 282112 ----a-w- h:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="h:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Skype"="h:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"TomTomHOME.exe"="h:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="h:\program files\Registry Mechanic\RegMech.exe" [2007-01-31 2291248]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechCommunicationsManager"="h:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="h:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Athan"="h:\program files\Athan\Athan.exe" [2005-09-12 937984]
"Adobe Version Cue CS2"="h:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"NeroFilterCheck"="h:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AdobeCS4ServiceManager"="h:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="h:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="h:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\Hussain Muhammad\Start Menu\Programs\Startup\
Webshots.lnk - h:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-2-17 157088]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Belkin Wireless G USB Adapter Client Utility.lnk - h:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2010-2-17 1564672]
HP Digital Imaging Monitor.lnk - h:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech Desktop Messenger.lnk - h:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-2-17 66864]
McAfee Security Scan Plus.lnk - h:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Palo Alto Software Update Manager 9.0.lnk - h:\windows\Installer\{6B2D979E-216D-43A4-BAE2-71A185922CA1}\NewShortcut1.BDD3527A_D6D6_4DD6_AEAD_6B5236DA8F67.exe [2010-3-11 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"h:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"h:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"h:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"h:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"h:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"h:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;h:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:56 AM 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;h:\windows\system32\drivers\EAPPkt.sys [2/17/2010 5:58 PM 38144]
R2 TomTomHOMEService;TomTomHOMEService;h:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;h:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 McComponentHostService;McAfee Security Scan Component Host Service;h:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-24 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-27 h:\windows\Tasks\WGASetup.job
- h:\windows\system32\KB905474\wgasetup.exe [2010-02-18 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: &Webshots Photo Search - h:\program files\Webshots\3.1.5.7617\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Append Link Target to Existing PDF - h:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - h:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - h:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - h:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - h:\documents and settings\Hussain Muhammad\Application Data\Mozilla\Firefox\Profiles\ky9o2bdv.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: h:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: h:\documents and settings\Hussain Muhammad\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trueh:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 22:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-682003330-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
h:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
h:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
h:\windows\system32\inetsrv\inetinfo.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
h:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
h:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
h:\windows\system32\nvsvc32.exe
h:\windows\System32\snmp.exe
h:\windows\system32\wdfmgr.exe
h:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
h:\windows\system32\wscntfy.exe
h:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
h:\windows\stsystra.exe
h:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
h:\program files\Common Files\Palo Alto Software\9.0\PAS9_UD.exe
h:\progra~1\Webshots\315~1.761\Webshots.scr
h:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
h:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
h:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
h:\program files\HP\Digital Imaging\bin\hpqbam08.exe
h:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
h:\program files\HP\HP Software Update\HPWUCli.exe
.
**************************************************************************
.
Completion time: 2010-04-26 22:35:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-27 02:35

Pre-Run: 228,306,268,160 bytes free
Post-Run: 231,699,382,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5BA2C0DC82A9D3840DF18D6E330EA491

Edited by elise025, 29 April 2010 - 07:17 AM.
CF log edited in and moved back to logs forum ~ Elise




#2 Jintan


  • Malware Response Team

Posted 01 May 2010 - 09:08 PM

Welcome to BC Techguy53,

Truly not a good idea to just run any of these forum specialty tool scans without one of us suggesting it. Especially one like ComboFix, that can make aggressive changes, and can potentially make things worse on the system. As is, this log only shows it removing one Logitech file in error, and then some nondescript files that may/may not be malware related.

That startup error really is also not often related to malware problems, but more often some remnant or error startup that needs to be removed. The logs do show at least one undesirable software, with that Kiwee Toolbar (see here), so let's at least take one additional detailed look here before I recommend posting in the BC Windows XP Home and Professional forum for some ideas.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
Ad eundum quo no duck ante iit



