jcon707

Members
  • Posts

    8

Everything posted by jcon707

  1. So, sorry for the late reply, I was on vacation. I am not able to activate in safe mode either. What should I try next? Thanks, Jon
  2. Hello, I'm having a problem reaching the licensing server and updating. I have also run FRST and MB-Check; attached is the log. I also uninstalled and reinstalled to try and resolve the problem with no luck. Below is the only error I get. I am able to access keystone.mwbsys.com. Please assist. Thanks, Jon
     Attachment: mb-check-results.zip
  3. ComboFix 09-09-13.06 - Jon 09/14/2009 10:50.2.1 - NTFSx86 Running from: c:\documents and settings\Jon\My Documents\Downloads\Help\CF.bat.exe Command switches used :: c:\documents and settings\Jon\My Documents\Downloads\Help\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Jon\Cookies\gyjumyxisi.reg . --------------- FCopy --------------- c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys . ((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 ))))))))))))))))))))))))))))))) . 2009-09-14 15:50 . 2008-08-07 20:27 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-09-14 15:50 . 2008-08-07 20:27 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- C:\CF.bat 2009-09-10 12:13 . 2009-09-10 12:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-09-07 13:10 . 2009-09-07 13:10 43576 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-07 11:07 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-07 11:07 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-05 17:22 . 2009-09-05 17:22 -------- d-----w- c:\windows\M Exe Editor 2009-09-05 17:22 . 2009-09-05 17:22 -------- d-----w- c:\program files\M Exe Editor 2009-09-05 16:41 . 2009-09-05 16:41 -------- d-----w- c:\windows\ERUNT 2009-09-05 16:22 . 2009-09-06 12:17 -------- d-----w- C:\SDFix 2009-09-05 13:15 . 2009-09-05 13:15 -------- d-----w- c:\program files\Trend Micro 2009-09-04 08:53 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-04 08:53 . 
2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-04 08:53 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-04 08:53 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-04 08:53 . 2009-09-04 08:53 -------- d-----w- c:\program files\Avira 2009-09-04 08:53 . 2009-09-04 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-04 08:24 . 2009-09-04 08:24 -------- d-----w- c:\documents and settings\Jon\Application Data\Malwarebytes 2009-09-04 07:24 . 2009-09-07 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-04 06:00 . 2009-09-10 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-04 05:43 . 2009-09-04 05:45 -------- dc-h--w- c:\windows\ie8 2009-09-03 15:12 . 2009-09-03 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-09-03 15:10 . 2009-09-07 13:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-03 15:10 . 2009-09-03 15:10 -------- d-----w- c:\documents and settings\Jon\Application Data\SUPERAntiSpyware.com 2009-09-03 15:10 . 2009-09-06 12:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-03 15:08 . 2009-09-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-03 14:08 . 2009-09-03 14:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-09-03 14:01 . 2009-09-03 14:04 -------- d-----w- c:\program files\DiskInternals 2009-09-03 14:00 . 2009-09-03 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-09-03 13:59 . 2009-09-03 13:59 126 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\fusioncache.dat 2009-09-03 12:43 . 2009-09-03 12:43 -------- d-----w- C:\mfe 2009-09-03 12:34 . 
2009-09-03 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2009-09-03 12:31 . 2009-09-03 12:31 -------- d-----w- c:\program files\Citrix 2009-09-03 12:31 . 2009-09-03 12:31 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Citrix 2009-09-03 12:31 . 2009-09-03 12:31 61224 ----a-w- c:\documents and settings\Jon\GoToAssistDownloadHelper.exe 2009-09-03 12:24 . 2009-09-03 12:24 -------- d-----w- c:\documents and settings\Jon\Application Data\McAfee 2009-09-03 12:14 . 2009-09-04 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-03 11:12 . 2009-09-03 11:12 -------- d-----w- C:\WINSSLog 2009-09-03 10:36 . 2009-09-03 13:10 -------- d-----w- C:\AVGTemp 2009-09-03 10:24 . 2009-09-03 10:24 -------- d-----w- C:\3e8bd3475dd26d8b81ce465665fa17 2009-09-03 05:09 . 2004-08-04 00:56 14336 ------w- c:\windows\system32\svchost.exe 2009-09-01 09:35 . 2009-09-01 09:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-01 09:34 . 2009-09-01 09:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2009-08-31 00:51 . 2009-08-31 00:51 -------- d-----w- C:\6bff8bb6a7e5728d58e8aa56 2009-08-31 00:50 . 2009-09-10 12:13 -------- d-----w- c:\windows\SxsCaPendDel 2009-08-29 11:33 . 2009-09-01 10:00 -------- d-----w- c:\program files\yfsvxw 2009-08-29 11:25 . 2009-08-29 11:26 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Temp 2009-08-29 11:20 . 2009-08-29 11:24 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-14 14:31 . 2009-06-29 13:47 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys 2009-09-12 22:55 . 2009-06-29 13:47 -------- d-----w- c:\program files\Notebook Hardware Control 2009-09-12 22:55 . 
2007-09-28 23:01 43576 -c--a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 10:51 . 2005-08-09 22:28 -------- d-----w- c:\program files\Notebook Maximizer 2009-09-07 13:38 . 2009-02-02 03:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-05 17:12 . 2009-09-05 17:12 15243 ----a-w- c:\program files\Common Files\jacij._sy 2009-09-05 17:12 . 2009-09-05 17:12 14179 ----a-w- c:\program files\Common Files\qacyxyso._sy 2009-08-29 11:49 . 2005-08-09 22:27 -------- d-----w- c:\program files\Java 2009-08-16 01:07 . 2009-07-04 14:10 -------- d-----w- c:\documents and settings\Jon\Application Data\Power Sound Editor Free 2009-08-14 11:58 . 2009-09-03 15:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-08-05 09:01 . 2005-08-09 20:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 05:01 . 2009-07-29 04:51 -------- d-----w- c:\documents and settings\Jon\Application Data\Media Player Classic 2009-07-29 04:37 . 2005-08-09 20:38 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:37 . 2005-08-09 20:37 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:24 . 2009-07-29 04:24 -------- d-----w- c:\program files\Combined Community Codec Pack 2009-07-25 10:23 . 2008-11-30 16:35 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-17 19:01 . 2005-08-09 20:37 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 04:43 . 2005-08-09 20:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2005-08-09 20:38 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2005-08-09 20:38 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2005-08-09 20:38 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2005-08-09 20:38 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2005-08-09 20:38 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 
2005-08-09 20:38 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2005-08-09 20:37 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2005-08-09 20:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2007-11-24 22:55 . 2007-11-24 22:55 0 -c-h--w- c:\program files\AppUpdate.log 2006-05-03 10:06 . 2009-05-06 06:39 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 . 2009-05-06 06:39 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 13:30 . 2009-05-06 06:39 216064 --sh--r- c:\windows\system32\nbDX.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-10_12.26.31 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-12 10:49 . 2009-09-12 10:49 16384 c:\windows\Temp\Perflib_Perfdata_194.dat - 2006-11-08 03:03 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll + 2006-11-08 03:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll - 2005-08-09 20:37 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll + 2005-08-09 20:37 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll - 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll - 2007-05-14 15:54 . 2009-03-08 09:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2007-05-14 15:54 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys - 2006-05-10 05:25 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll + 2006-05-10 05:25 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-09-11 05:58 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll + 2009-09-11 05:58 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB972260-IE8\spmsg.dll + 2009-09-11 05:58 . 
2009-05-26 11:40 26488 c:\windows\ie8updates\KB972260-IE8\spcustom.dll + 2009-09-11 05:58 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll + 2009-09-11 05:58 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll + 2005-08-09 20:38 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll + 2006-11-08 03:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll - 2006-11-08 03:03 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll + 2005-08-09 20:37 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll + 2005-08-09 20:37 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll + 2005-08-09 20:37 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe - 2005-08-09 20:37 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe + 2006-05-10 05:25 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll + 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll + 2006-10-17 18:04 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll + 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll - 2007-05-14 15:54 . 2009-03-08 09:32 594432 c:\windows\system32\dllcache\msfeeds.dll + 2007-05-14 15:54 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll + 2009-04-26 03:23 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll + 2006-05-10 05:25 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll + 2006-11-07 09:27 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll - 2006-11-07 09:26 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2006-11-07 09:26 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2009-09-11 05:58 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll + 2009-09-11 05:58 . 
2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\updspapi.dll + 2009-09-11 05:58 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB972260-IE8\update.exe + 2009-09-11 05:58 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll + 2009-09-11 05:58 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe + 2009-09-11 05:58 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst.exe + 2009-09-11 05:58 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll + 2009-09-11 05:58 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll + 2009-09-11 05:58 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll + 2009-09-11 05:58 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll + 2009-09-11 05:58 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll + 2009-09-11 05:58 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe + 2005-08-09 20:38 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll + 2005-08-09 20:38 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll - 2005-08-09 20:38 . 2009-03-08 09:41 5937152 c:\windows\system32\mshtml.dll + 2006-10-17 17:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll + 2006-05-10 05:25 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll + 2006-05-19 15:06 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll - 2006-05-19 15:06 . 2009-03-08 09:41 5937152 c:\windows\system32\dllcache\mshtml.dll + 2007-05-14 15:54 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll + 2009-09-11 05:58 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll + 2009-09-11 05:58 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll + 2009-09-11 05:58 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll + 2006-11-08 03:03 . 
2009-07-19 23:48 11067392 c:\windows\system32\ieframe.dll + 2007-05-14 15:54 . 2009-07-19 23:48 11067392 c:\windows\system32\dllcache\ieframe.dll + 2009-09-11 05:58 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-11-23 203208] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\02d16031-77eb-49f1-98a0-1a24555128d2.exe" [2009-08-05 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064] "NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-10-18 1261568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2005-02-07 99480] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301] "Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960] "Mouse Suite 98 Daemon"="ICO.EXE" - 
c:\windows\system32\ico.exe [2006-10-23 56128] c:\documents and settings\David\Start Menu\Programs\Startup\ wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-9 155648] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Diablo II\\Game_crk.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Diablo II\\1.11b.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"= "c:\\StubInstaller.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\UnrealTournament\\System\\UnrealTournament.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"= "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R3 DJUSB;DMM Controller;c:\windows\system32\Drivers\DM2.sys [2001-01-12 10758] R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x] R3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Jon\MYDOCU~1\DOWNLO~1\Other\Hacking\AIRCRA~1.3-W\bin\PEEK5.SYS [2005-05-19 13184] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [2009-06-29 77824] S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336] S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-04-01 211200] S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2007-04-18 18944] S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2007-04-11 17920] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422525118-3929007035-3564027493-1006Core.job - c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-29 11:25] 2009-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422525118-3929007035-3564027493-1006UA.job - c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-29 11:25] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://mail.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html . - - - - ORPHANS REMOVED - - - - Notify-avgrsstarter - avgrsstx.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-14 10:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2422525118-3929007035-3564027493-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A7DF378-A68E-7E9C-A71F-14F35AE49306}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2422525118-3929007035-3564027493-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0] "Percents"="0 0.0602 0.1985 0.4495 0.6667 0.7345 0.7396 " "Increment"=".003650" "FRT"="iiJxFrX//cGqcZwbqN8tpgVqrHiaLq6MImjWrVBvi+tHwq4u+tg2GQ==" "PLCK"="l8yAT4gYnjChfJRL2dySwX6u7FxURfIK" "PHSH"="" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-09-14 10:56 ComboFix-quarantined-files.txt 2009-09-14 15:56 ComboFix2.txt 2009-09-10 12:30 Pre-Run: 18,765,500,416 bytes free Post-Run: 18,765,778,944 bytes free 290 --- E O F --- 2009-09-14 14:32 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:03:17 AM, on 9/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Notebook Hardware Control\nhcservice.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Notebook Hardware Control\nhc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend 
Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O1 - Hosts: 91.212.127.221 antivirplatinum.microsoft.com O1 - Hosts: 91.212.127.221 antivirplatinum.com O1 - Hosts: 91.212.127.221 www.antivirplatinum.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook 
Maximizer\maximizer_startup.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\02d16031-77eb-49f1-98a0-1a24555128d2.exe O4 - HKUS\S-1-5-21-2422525118-3929007035-3564027493-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?') O4 - HKUS\S-1-5-21-2422525118-3929007035-3564027493-1006\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount (User '?') O4 - HKUS\S-1-5-21-2422525118-3929007035-3564027493-1006\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\02d16031-77eb-49f1-98a0-1a24555128d2.exe (User '?') O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228669507296 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228669497312 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing) O23 - Service: ConfigFree Service (CFSvcs) - Unknown owner - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (file missing) O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Program Files\Notebook Hardware Control\nhcservice.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- End of file - 8893 bytes
  4. Malwarebytes' Anti-Malware 1.40
     Database version: 2750
     Windows 5.1.2600 Service Pack 3

     9/10/2009 9:02:36 AM
     mbam-log-2009-09-10 (09-02-36).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 214331
     Time elapsed: 1 hour(s), 23 minute(s), 13 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 10
     Registry Values Infected: 1
     Registry Data Items Infected: 2
     Folders Infected: 1
     Files Infected: 4

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     C:\Documents and Settings\All Users\Application Data\17187964 (Rogue.Multiple) -> Quarantined and deleted successfully.

     Files Infected:
     C:\Qoobox\Quarantine\C\WINDOWS\system32\bszip.dll.vir (Worm.P2P) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\tapi.nfo.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\kehitulo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\wsaupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  5. ComboFix 09-09-09.07 - Jon 09/10/2009 7:13.1.1 - NTFSx86 Running from: c:\documents and settings\Jon\My Documents\Downloads\Help\CF.bat.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\-1262639300 c:\documents and settings\All Users\Documents\kikik.bat c:\documents and settings\All Users\Documents\yrukocyh.dll c:\documents and settings\Jon\Application Data\FunWebProducts c:\documents and settings\Jon\Application Data\FunWebProducts\Data\Jon\avatar.dat c:\documents and settings\Jon\Local Settings\Application Data\himemed.pif c:\documents and settings\Jon\Local Settings\Temporary Internet Files\cobapadefa._sy c:\documents and settings\Jon\Local Settings\Temporary Internet Files\eherov._dl c:\documents and settings\Jon\Local Settings\Temporary Internet Files\usamat.bin c:\documents and settings\Jon\Local Settings\Temporary Internet Files\uziciluby.pif c:\program files\Common Files\owobyzihub.reg c:\program files\outlook c:\windows\ebyfo.vbs c:\windows\Installer\1891f5a.msi c:\windows\Installer\361bd.msi c:\windows\Installer\361c3.msp c:\windows\system\SysSD.dll c:\windows\system32\~.exe c:\windows\system32\bszip.dll c:\windows\system32\cmd.com c:\windows\system32\difebebu.dll c:\windows\system32\drivers\UACxoduejapjb.sys c:\windows\system32\keystrokes.html c:\windows\system32\kolohage.dll c:\windows\system32\lekegafu.dll c:\windows\system32\netstat.com c:\windows\system32\ping.com c:\windows\system32\regedit.com c:\windows\system32\rugalilu.dll c:\windows\system32\tajf83ikdmf.dll c:\windows\system32\tapi.nfo c:\windows\system32\taskkill.com c:\windows\system32\tasklist.com c:\windows\system32\tijezaze.dll c:\windows\system32\tracert.com 
c:\windows\system32\UACawwehespaw.dll c:\windows\system32\uacinit.dll c:\windows\system32\UAClgxtbddvxp.dll c:\windows\system32\UACnqqfxrxuxo.dll c:\windows\system32\UACoivximqtmt.dat c:\windows\system32\UACtfspqjbevm.dll c:\windows\system32\vamegeye.dll c:\windows\system32\web.dat c:\windows\system32\wewefove.dll c:\windows\system32\yenonoje.dll c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job c:\windows\ubujowo.bat c:\windows\xikasufy.sys Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_UACd.sys -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 ))))))))))))))))))))))))))))))) . 2009-09-10 12:13 . 2009-09-10 12:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-09-07 13:10 . 2009-09-07 13:10 43576 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-07 11:07 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-07 11:07 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-05 17:22 . 2009-09-05 17:22 -------- d-----w- c:\windows\M Exe Editor 2009-09-05 17:22 . 2009-09-05 17:22 -------- d-----w- c:\program files\M Exe Editor 2009-09-05 16:41 . 2009-09-05 16:41 -------- d-----w- c:\windows\ERUNT 2009-09-05 16:22 . 2009-09-06 12:17 -------- d-----w- C:\SDFix 2009-09-05 13:15 . 2009-09-05 13:15 -------- d-----w- c:\program files\Trend Micro 2009-09-04 08:53 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-04 08:53 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-04 08:53 . 
2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-04 08:53 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-04 08:53 . 2009-09-04 08:53 -------- d-----w- c:\program files\Avira 2009-09-04 08:53 . 2009-09-04 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-04 08:24 . 2009-09-04 08:24 -------- d-----w- c:\documents and settings\Jon\Application Data\Malwarebytes 2009-09-04 07:24 . 2009-09-07 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-04 06:00 . 2009-09-04 06:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-09-04 06:00 . 2009-09-04 06:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-04 06:00 . 2009-09-04 06:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-04 06:00 . 2009-09-04 06:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-09-04 06:00 . 2009-09-09 23:20 -------- d-----w- c:\windows\system32\drivers\Avg 2009-09-04 06:00 . 2009-09-04 06:00 -------- d-----w- c:\program files\AVG 2009-09-04 06:00 . 2009-09-07 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-04 05:43 . 2009-09-04 05:45 -------- dc-h--w- c:\windows\ie8 2009-09-03 15:12 . 2009-09-03 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-09-03 15:10 . 2009-09-07 13:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-03 15:10 . 2009-09-03 15:10 -------- d-----w- c:\documents and settings\Jon\Application Data\SUPERAntiSpyware.com 2009-09-03 15:10 . 2009-09-06 12:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-03 15:08 . 2009-09-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-03 14:08 . 2009-09-03 14:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-09-03 14:01 . 
2009-09-03 14:04 -------- d-----w- c:\program files\DiskInternals 2009-09-03 14:00 . 2009-09-03 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-09-03 13:59 . 2009-09-03 13:59 126 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\fusioncache.dat 2009-09-03 12:43 . 2009-09-03 12:43 -------- d-----w- C:\mfe 2009-09-03 12:34 . 2009-09-03 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2009-09-03 12:31 . 2009-09-03 12:31 -------- d-----w- c:\program files\Citrix 2009-09-03 12:31 . 2009-09-03 12:31 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Citrix 2009-09-03 12:31 . 2009-09-03 12:31 61224 ----a-w- c:\documents and settings\Jon\GoToAssistDownloadHelper.exe 2009-09-03 12:24 . 2009-09-03 12:24 -------- d-----w- c:\documents and settings\Jon\Application Data\McAfee 2009-09-03 12:14 . 2009-09-04 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-03 11:12 . 2009-09-03 11:12 -------- d-----w- C:\WINSSLog 2009-09-03 10:36 . 2009-09-03 13:10 -------- d-----w- C:\AVGTemp 2009-09-03 10:24 . 2009-09-03 10:24 -------- d-----w- C:\3e8bd3475dd26d8b81ce465665fa17 2009-09-03 05:09 . 2004-08-04 00:56 14336 ----a-w- c:\windows\system32\svchost.exe 2009-09-01 10:33 . 2009-09-04 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\17187964 2009-09-01 09:35 . 2009-09-01 09:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-01 09:34 . 2009-09-01 09:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2009-08-31 00:51 . 2009-08-31 00:51 -------- d-----w- C:\6bff8bb6a7e5728d58e8aa56 2009-08-31 00:50 . 2009-09-10 12:13 -------- d-----w- c:\windows\SxsCaPendDel 2009-08-29 11:33 . 2009-09-01 10:00 -------- d-----w- c:\program files\yfsvxw 2009-08-29 11:25 . 
2009-08-29 11:26 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Temp 2009-08-29 11:20 . 2009-08-29 11:24 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-10 12:26 . 2005-08-09 22:28 -------- d-----w- c:\program files\Notebook Maximizer 2009-09-10 12:26 . 2009-06-29 13:47 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys 2009-09-07 13:38 . 2009-02-02 03:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-05 17:12 . 2009-09-05 17:12 15243 ----a-w- c:\program files\Common Files\jacij._sy 2009-09-05 17:12 . 2009-09-05 17:12 14179 ----a-w- c:\program files\Common Files\qacyxyso._sy 2009-09-03 10:56 . 2009-06-03 10:55 49664 --sha-w- c:\windows\system32\kehitulo.dll 2009-08-29 11:49 . 2005-08-09 22:27 -------- d-----w- c:\program files\Java 2009-08-17 23:09 . 2009-06-29 13:47 -------- d-----w- c:\program files\Notebook Hardware Control 2009-08-16 01:07 . 2009-07-04 14:10 -------- d-----w- c:\documents and settings\Jon\Application Data\Power Sound Editor Free 2009-08-14 11:58 . 2009-09-03 15:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-08-12 02:07 . 2007-09-28 23:01 43576 -c--a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 09:01 . 2005-08-09 20:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 05:01 . 2009-07-29 04:51 -------- d-----w- c:\documents and settings\Jon\Application Data\Media Player Classic 2009-07-29 04:37 . 2005-08-09 20:38 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:37 . 2005-08-09 20:37 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:24 . 2009-07-29 04:24 -------- d-----w- c:\program files\Combined Community Codec Pack 2009-07-25 10:23 . 
2008-11-30 16:35 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-17 19:01 . 2005-08-09 20:37 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 04:43 . 2005-08-09 20:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-12 12:31 . 2005-08-09 20:38 76288 ----a-w- c:\windows\system32\telnet.exe 2007-11-24 22:55 . 2007-11-24 22:55 0 -c-h--w- c:\program files\AppUpdate.log 2006-05-03 10:06 . 2009-05-06 06:39 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 . 2009-05-06 06:39 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 13:30 . 2009-05-06 06:39 216064 --sh--r- c:\windows\system32\nbDX.dll . ------- Sigcheck ------- [7] 2008-08-07 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys c:\windows\system32\drivers\beep.sys ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-11-23 203208] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\02d16031-77eb-49f1-98a0-1a24555128d2.exe" [2009-08-05 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064] "NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-10-18 1261568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] 
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2005-02-07 99480] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301] "Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-04 2007832] "Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2006-10-23 56128] c:\documents and settings\David\Start Menu\Programs\Startup\ wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-9 155648] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-09-04 06:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Diablo II\\Game_crk.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program 
Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Diablo II\\1.11b.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"= "c:\\StubInstaller.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\UnrealTournament\\System\\UnrealTournament.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"= "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-09-04 908056] R3 DJUSB;DMM Controller;c:\windows\system32\Drivers\DM2.sys [2001-01-12 10758] R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x] R3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Jon\MYDOCU~1\DOWNLO~1\Other\Hacking\AIRCRA~1.3-W\bin\PEEK5.SYS [2005-05-19 13184] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-04 335240] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-04 108552] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968] S1 SASKUTIL;SASKUTIL;c:\program 
files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [2009-06-29 77824] S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336] S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-04 297752] S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-04-01 211200] S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2007-04-18 18944] S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2007-04-11 17920] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422525118-3929007035-3564027493-1006Core.job - c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-29 11:25] 2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422525118-3929007035-3564027493-1006UA.job - c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-29 11:25] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://mail.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html . - - - - ORPHANS REMOVED - - - - Toolbar-{e413a417-d00b-4a3b-9c17-19048046f1ce} - c:\program files\johnqtv1\tbjohn.dll HKLM-Explorer_Run-application - c:\program files\AKProg\AKProg.exe SafeBoot-mcmscsvc SafeBoot-MCODS SafeBoot-OneCareMP ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-10 07:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2422525118-3929007035-3564027493-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A7DF378-A68E-7E9C-A71F-14F35AE49306}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2422525118-3929007035-3564027493-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0] "Percents"="0 0.0602 0.1985 0.4495 0.6667 0.7345 0.7396 " "Increment"=".003650" "FRT"="iiJxFrX//cGqcZwbqN8tpgVqrHiaLq6MImjWrVBvi+tHwq4u+tg2GQ==" "PLCK"="l8yAT4gYnjChfJRL2dySwX6u7FxURfIK" "PHSH"="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2272) c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\pelscrll.dll c:\windows\system32\PELCOMM.dll c:\windows\system32\PELHOOKS.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\snmp.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe c:\program files\AVG\AVG8\avgrsx.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\PELMICED.EXE c:\program files\AVG\AVG8\avgtray.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2009-09-10 7:30 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-10 12:30 Pre-Run: 18,536,402,944 bytes free Post-Run: 18,861,912,064 bytes free 324 --- E O F --- 2009-09-10 01:06
  6. ComboFix won't install on my computer; it acts like it's doing something, then stops.
  7. Hi, I can't get HJ to scan; it starts to scan and then shuts down. MBAM won't install, but if I install it, it freezes at the end, and I can stop the process mbam.exe and then it finishes the install, but it won't start. I can copy and paste the mbam.exe and then it starts, but it won't scan; it starts to scan, gets about 2 seconds in, and quits. Then if I want to run it again, I have to copy and paste the exe again. Root Repeal also starts to scan and shuts down. Please help. I just had the braviax virus (I think it was the antivirus 2010) on my computer. I edited the main braviax file and stopped the auto-rewrite process and was able to delete both braviax files and both cru629.dat and the beep.sys file. I went through the registry and my computer and deleted all things containing braviax, cru629, antivirus pro 2010 and wisdstr. I have deleted my temp and my windows\temp, but still no scans from any of the three programs (MBAM, HJ, Root Repeal). I have also tried other antivirus and anti-malware programs, but still no scans; it won't let me scan with anything. Please help. I have been trying to get rid of this virus and get back to being able to scan for 5 days now.