PFkttsxi / server.exe / Stopped working


  • This topic is locked
9 replies to this topic

#1 zkteh

zkteh

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:29 AM

Posted 18 May 2012 - 10:59 PM

Every time I reboot my PC, a stop working message will pop out

Posted Image


and I decided to run MBAM to get rid of it, and here is the log .... Pls help me check for the leftovers of the malware, thanks :D

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-PC [administrator]

19/5/2012 9:15:19 AM
mbam-log-2012-05-19 (09-15-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306381
Time elapsed: 1 hour(s), 54 minute(s), 37 second(s)

Memory Processes Detected: 1
C:\Users\HP\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> 3208 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{7PKIP63P-5244-1203-D0HJ-VAE234YLTJ3I} (Backdoor.Bot.M) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7PKIP63P-5244-1203-D0HJ-VAE234YLTJ3I} (Backdoor.Bot.M) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\FAKEMESSAGE (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Bot.M) -> Data: C:\Users\HP\AppData\Roaming\install\server.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\fakemessage|FakeMessage (Malware.Trace) -> Data: OK -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\HP\Downloads\TERMINAL_-_AIO\TERMINAL - AIO\Terminal.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\HP\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> Delete on reboot.
C:\Users\HP\AppData\Local\temp\winhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:29 PM

Posted 19 May 2012 - 01:14 AM

Hi,

It looks like Malwarebytes already deleted the file. Are you still having problems currently?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 zkteh


Posted 19 May 2012 - 03:18 AM

Hi,
I am not sure about that, but I think it's clean now ....

But now I am having problems with my bluetooth; it gives me a message "the attached bluetooth dongle is not supported...",
so I uninstalled the driver and its software and reinstalled them,
and the problem was resolved, but it reverted back to the recent issue after a reboot .....

If this is not covered under this topic, pls move me to the appropriate forum group, thanks :)

#4 zkteh


Posted 19 May 2012 - 03:18 AM

Nothing Here ....

Edited by zkteh, 19 May 2012 - 03:20 AM.


#5 miekiemoes


Posted 19 May 2012 - 03:29 AM

I am not sure about that , but i think it's clean now ....


That's why I need an additional log since you're not sure..

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


We'll look into the bluetooth issue afterwards, first we'll have to make sure no other malware is still present there.

#6 zkteh


Posted 19 May 2012 - 08:58 PM

ComboFix 12-05-19.02 - HP 20/05/2012 9:36.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.60.1033.18.2036.1238 [GMT 8:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Roaming\chrtmp
c:\users\HP\AppData\Roaming\Love
c:\users\HP\AppData\Roaming\Microsoft\Windows\qx2QXMUm.cfg
c:\users\HP\AppData\Roaming\Microsoft\Windows\qx2QXMUm.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 01:50 . 2012-05-20 01:51 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-05-20 01:50 . 2012-05-20 01:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-20 01:50 . 2012-05-20 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 01:50 . 2012-05-20 01:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-19 03:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B42B6C2A-5F6C-44F3-A134-FACF410DDFC5}\mpengine.dll
2012-05-18 17:23 . 2010-03-01 09:04 41344 ----a-w- c:\windows\system32\drivers\btmcom.sys
2012-05-18 17:22 . 2010-03-01 09:05 316680 ----a-w- c:\windows\system32\btmcls.dll
2012-05-18 17:22 . 2012-05-18 17:22 -------- d-----w- c:\program files\Motorola
2012-05-18 17:22 . 2012-05-18 17:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-05-18 16:29 . 2012-05-18 17:17 -------- d-----w- c:\users\HP\AppData\Roaming\BatteryBar
2012-05-18 16:29 . 2012-05-18 16:30 -------- d-----w- c:\program files\BatteryBar
2012-05-18 01:42 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 11:45 . 2012-05-05 11:45 -------- d-----w- c:\programdata\Synaptics
2012-05-01 15:19 . 2012-05-11 04:43 -------- d-----w- c:\program files\Meitu
2012-05-01 13:26 . 2012-05-01 13:26 -------- d-----w- C:\Extracted
2012-05-01 11:19 . 2012-05-01 11:19 -------- d-----w- c:\program files\7-Zip
2012-04-28 10:02 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-28 10:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-28 10:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-28 10:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-28 10:01 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-28 10:01 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-27 12:22 . 2012-04-27 12:22 -------- d-----w- c:\programdata\Sony
2012-04-26 12:20 . 2006-12-18 14:37 2097152 ----a-w- c:\windows\system32\autorun.bin
2012-04-26 12:20 . 2006-08-18 17:20 738816 ----a-w- c:\windows\system32\SFDNWIN.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 04:34 . 2011-11-28 09:24 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-04-04 07:56 . 2012-02-24 08:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 12:44 . 2011-04-27 07:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 12:44 . 2011-04-18 05:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 13:06 . 2012-01-28 07:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-13 11:11 . 2012-03-13 11:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{429773E9-DBF9-4AC2-8023-FED6B102C56D}\gapaengine.dll
2012-02-20 20:59 . 2011-11-28 08:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-31 19645704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
2010-03-31 09:32 19645704 ----a-w- c:\program files\Motorola\Bluetooth\btmshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-28 08:19 136176 ----atw- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-24 20:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-04-05 18:11 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-10-13 17:25 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-24 20:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-24 20:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 00:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 06:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-28 08:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-13 20:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-24 06:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 500488]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 3531016]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 784136]
S3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-03-01 41344]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-03-05 4110848]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-05-17 793440]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 228896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 08:19]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 08:19]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 08:19]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 08:19]
.
2012-04-29 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}\94054524A7F6E656F5A4B484: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-HKCU - c:\users\HP\AppData\Roaming\love\sfsdfr.exe
MSConfigStartUp-HKLM - c:\users\HP\AppData\Roaming\love\sfsdfr.exe
MSConfigStartUp-JavaUpdate - c:\users\HP\AppData\Local\Temp\JavaUpdate.exe
MSConfigStartUp-Windows Updater - c:\users\HP\AppData\Local\winsvchost.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-20 09:56:40
ComboFix-quarantined-files.txt 2012-05-20 01:56
.
Pre-Run: 158,305,542,144 bytes free
Post-Run: 158,170,374,144 bytes free
.
- - End Of File - - 73082CBDD9DA035CE148B37B8185C7CE

#7 miekiemoes


Posted 20 May 2012 - 12:16 AM

Hi,

This looks OK.
For your bluetooth issue, I have found the following:
http://h30434.www3.hp.com/t5/Other-Notebook-PC-Questions/Bluetooth-not-working-after-upgrade-driver-with-Ralink-Motorola/td-p/428445

However, this also appears to be an issue with the Motorola Ralink card itself:
http://h30434.www3.hp.com/t5/Notebook-Hardware/HP-DV7-BLUETOOTH-DISABLED-RESOLVED/td-p/1287663

#8 zkteh


Posted 20 May 2012 - 02:03 AM

Thanks for doing research for me .... :thumbup2:

I think I will go and create a new topic about the bluetooth issue if the issue
still exists..... :angry: since this is malware removal ....

To make it clear..., I have ...
Motorola Bluetooth
Realtek Card reader

And I don't quite understand the second link ....... :huh:

#9 miekiemoes


Posted 20 May 2012 - 01:22 PM

Hi,

Yes, it's a good idea to start a new topic about the bluetooth issue (if still present) in another part of this forum.
The malware issue should be resolved now. Your logs look clear.
Just one more thing to perform...

* Go to start > run and copy and paste the next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Also,

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#10 miekiemoes


Posted 06 June 2012 - 03:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



