Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ping.exe virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 skyeyes

skyeyes

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 20 December 2011 - 12:55 PM

Hello, my computer was having major problems with what appeared to be what I'm finding out may have been the Ping.exe virus which is probably really some other virus in name. It started out as one of those bogus Antivirus Protectiion virus things with the popups and hijacking my whole computer. I quickly did a system restore which seemed to have eliminated the Antivirus thing and all the popups but then lead to Ping.exe using 100% of my computer resources and even when I killed the process coming back quickly. This also lead to some browser redirect issues. I am somewhat savvy at going into my computer and finding crap that doesn't belong, and while I found and eliminated different things, nothing would get rid of this nasty thing. I had McAfee running the entire time with real-time scan and it missed it. Then a full scan by both McAfee and Malwarebytes both failed to resolve the issue. Someone on another site referred me to ComboFix, so I ran that. 2 problems, first of all I cannot repair my Internet Connection now, which I was advised could happen, only the steps recommended on this site did not resolve the issue. Secondly I still the Ping.exe file that I believe was part of the problem in the C:\WINDOWS\Prefetch. That is a quick summary of my issue, but I do have the log from ComboFix so I wanted to post it here and get feedback from an expert. I am working from another computer. Please Help!

ComboFix 11-12-20.04 - Larry 12/20/2011 10:30:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -6:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Larry\Application Data\Ujqifa
c:\documents and settings\Larry\Application Data\Ujqifa\ojec.exe
c:\documents and settings\Larry\WINDOWS
c:\windows\$NtUninstallKB12168$\181986693
c:\windows\$NtUninstallKB12168$\3923428946\@
c:\windows\$NtUninstallKB12168$\3923428946\bckfg.tmp
c:\windows\$NtUninstallKB12168$\3923428946\cfg.ini
c:\windows\$NtUninstallKB12168$\3923428946\Desktop.ini
c:\windows\$NtUninstallKB12168$\3923428946\keywords
c:\windows\$NtUninstallKB12168$\3923428946\kwrd.dll
c:\windows\$NtUninstallKB12168$\3923428946\L\pdmzmplg
c:\windows\$NtUninstallKB12168$\3923428946\lsflt7.ver
c:\windows\$NtUninstallKB12168$\3923428946\U\00000001.@
c:\windows\$NtUninstallKB12168$\3923428946\U\00000002.@
c:\windows\$NtUninstallKB12168$\3923428946\U\00000004.@
c:\windows\$NtUninstallKB12168$\3923428946\U\80000000.@
c:\windows\$NtUninstallKB12168$\3923428946\U\80000004.@
c:\windows\$NtUninstallKB12168$\3923428946\U\80000032.@
c:\windows\explorer(2).exe
c:\windows\kb913800.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\$NtUninstallKB12168$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 16:25 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-12-20 16:25 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\dllcache\acpi.sys
2011-12-17 23:20 . 2011-12-17 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 23:20 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 21:49 . 2011-12-17 21:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-15 08:07 . 2011-12-15 08:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-15 08:02 . 2011-12-15 08:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-12-15 07:53 . 2011-12-15 07:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-12 16:18 . 2011-12-15 08:06 -------- d-----w- c:\program files\WildTangent Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2005-08-16 09:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 18:18 . 2011-06-15 01:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 05:21 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-04 19:20 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 09:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-14 23:38 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 11:06 . 2010-04-21 04:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37 . 2009-04-03 17:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 14:41 . 2010-05-22 18:19 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-05 273528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-11 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-18 19:00 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-18 19:00 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McciServiceHost"=2 (0x2)
"McciCMService"=2 (0x2)
"idsvc"=3 (0x3)
"GameConsoleService"=3 (0x3)
"dlcc_device"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15641:UDP"= 15641:UDP:UDP 15641
"16256:TCP"= 16256:TCP:TCP 16256
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/27/2011 2:44 PM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/25/2010 4:00 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/27/2011 2:44 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/27/2011 2:44 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/27/2011 2:44 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/27/2011 2:44 PM 141792]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [3/31/2011 11:11 PM 450848]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/27/2011 2:44 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/27/2011 2:44 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/27/2011 2:44 PM 88736]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/27/2011 2:44 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/27/2011 2:44 PM 84488]
S4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [6/9/2010 12:50 PM 315392]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1238831794-1463506752-2850376971-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1238831794-1463506752-2850376971-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1238831794-1463506752-2850376971-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1238831794-1463506752-2850376971-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1238831794-1463506752-2850376971-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2011-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1238831794-1463506752-2850376971-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?id=2
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{CE9E9C20-E2C5-4dc0-8A80-CF344B557F5D} - c:\program files\PokerStars.ESPN\PokerStarsUpdate.exe
Trusted Zone: internet
Trusted Zone: iwon.com
Trusted Zone: mcafee.com
Trusted Zone: nfl.com
Trusted Zone: sportsline.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.254
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DW4 - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-MozillaAgent - c:\windows\Temp\_ex-68.exe
MSConfigStartUp-PhotoShow Deluxe Media Manager - c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-{365072DE-9975-AD7A-321F-461A2FD46508} - c:\documents and settings\Larry\Application Data\Ujqifa\ojec.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 10:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,27,6e,d1,83,29,83,49,b5,2b,cf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,27,6e,d1,83,29,83,49,b5,2b,cf,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-12-20 11:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 17:04
.
Pre-Run: 105,253,814,272 bytes free
Post-Run: 106,784,714,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C3F86823F12F4259B2A185822C8C0A51

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:21 PM

Posted 23 December 2011 - 09:47 PM

Hi

Please run the following:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:21 PM

Posted 29 December 2011 - 04:54 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users