
Multiple problems started with Windows Police Pro!


salp


Hi all, newbie to the forums (haven't had any major problems till now) -- I'm running Windows XP Home w/SP2 using Firefox as my browser. Recently got the Windows Police Pro pop-up & manually deleted what I thought were all the 'files' for it. Everything was fine for a couple of days (so I thought), but then the pop-ups returned & many of my programs & securities won't run! I get a window asking for me to choose the program you want to use to open this file.

I have Malwarebytes, Spybot Search & Destroy, Lavasoft Ad-Aware, Windows Defender, SUPERAntiSpyware & lastly AVG Free 8.5 as anti-virus. I do NOT have HijackThis. None of these will run, even trying the 'Run as' current user right-click option. I tried to use a few 'online' scanners to no avail!

Thanks in advance!

Win32kDiag.txt


Hi again, I was finally able to run Win32kDiag, but still can't do much else! -- PLEASE HELP

Running from: C:\Documents and Settings\JC Surveillance Inc\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\JC Surveillance Inc\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB925720\KB925720

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929123\KB929123

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933360\KB933360

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{06A0ED53-F3DC-4E3A-A4C2-77D03DA112C5}\{06A0ED53-F3DC-4E3A-A4C2-77D03DA112C5}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2004-08-04 05:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2004-08-04 05:00:00 743936 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 18:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 14:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB912945\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB916281\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950759\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB958470\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB961118\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB971961\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe ()

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\update\update.exe (Microsoft Corporation)

[1] 2005-06-28 13:24:51 716000 C:\WINDOWS\SoftwareDistribution\Download\a38b18c409e0a8f4a34f18919dae7225\update\Update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\update.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\JVSXZTUC\JVSXZTUC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-477365121-4083767938-562202453-1003\S-1-5-21-477365121-4083767938-562202453-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\949d5a39ad61\949d5a39ad61

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-477365121-4083767938-562202453-1003\S-1-5-21-477365121-4083767938-562202453-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Musicmatch\Jukebox\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 05:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 05:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 05:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\IXP000.TMP\IXP000.TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\IXP001.TMP\IXP001.TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Finished!

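A triage sketch for the Win32kDiag log format shown in the post above, added here as an example; it is not part of the thread and is not Win32kDiag's or the helper's own code. It pairs each mount point with its destination and lists the copies reported for each inaccessible file; using the `C:\i386` copy as the size reference and requiring a non-empty company string are assumptions of this example.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the Win32kDiag log in the post above (blank lines dropped).
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 05:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 05:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 05:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Finished!
"""

MOUNT = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED = re.compile(r"^Cannot access:\s*(.+)$")
# [index] date time size path (company string, possibly empty)
COPY = re.compile(r"^\[(\d+)\]\s+(\S+ \S+)\s+(\d+)\s+(.+?)\s+\((.*)\)$")


def parse_log(text):
    """Return (mounts, blocked): mounts is a list of (path, destination);
    blocked maps each inaccessible file to the copies listed under it."""
    mounts, blocked = [], {}
    pending_mount = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT.match(line):
            pending_mount, current = m.group(1), None
        elif (m := DEST.match(line)) and pending_mount:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := BLOCKED.match(line):
            current = m.group(1)
            blocked[current] = []
        elif (m := COPY.match(line)) and current:
            _, stamp, size, path, vendor = m.groups()
            blocked[current].append(
                {"path": path, "size": int(size), "vendor": vendor, "stamp": stamp}
            )
    return mounts, blocked


def summarize_mounts(mounts):
    """Count mount points per destination and collect the paths whose last
    folder repeats its parent's name (dhcp\\dhcp), as every entry here does."""
    by_dest = Counter(dest for _, dest in mounts)
    doubled = [p for p, _ in mounts
               if basename(p).lower() == basename(dirname(p)).lower()]
    return by_dest, doubled


def replacement_candidates(blocked_path, copies, reference_root="C:\\i386"):
    """Assumed heuristic: a copy is a replacement candidate when it carries a
    company string and has the same size as the same-named file under
    reference_root."""
    name = basename(blocked_path).lower()
    prefix = reference_root.lower() + "\\"
    refs = [c for c in copies
            if c["path"].lower().startswith(prefix)
            and basename(c["path"]).lower() == name]
    ref_sizes = {c["size"] for c in refs}
    return [c["path"] for c in copies
            if c not in refs
            and c["vendor"]
            and c["size"] in ref_sizes
            and c["path"].lower() != blocked_path.lower()]


if __name__ == "__main__":
    mounts, blocked = parse_log(SAMPLE_LOG)
    by_dest, doubled = summarize_mounts(mounts)
    for dest, n in by_dest.items():
        print(f"{n} mount point(s) -> {dest}")
    print(f"{len(doubled)} of {len(mounts)} repeat the parent folder name")
    for path, copies in blocked.items():
        print(f"inaccessible: {path}")
        for c in copies:
            label = c["vendor"] or "no company string"
            print(f"  {c['size']:>7}  {c['path']}  [{label}]")
        print("  matches reference:", replacement_candidates(path, copies))
```

On these lines the heuristic selects C:\WINDOWS\system32\logevent.dll, the same file that the Avenger script later in the thread moves to eventlog.dll.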

  • Staff

Hi and welcome to Malwarebytes.

We need to execute an Avenger2 script.

Note to users reading this topic! This script was created specifically for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  1. Please download The Avenger2 by Swandog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Next, try running MBAM; if you can, update it, run a Quick Scan, and post its log.

After that, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Screen317 -- THANX for replying & trying to help!!

I was able to download, unzip & start avenger2 - got thru the prompts - pasted the script & executed BUT got a 'Error: can't open file C\WINDOWS\system32\yatjn.txt (error 5: access is denied.)' - and - Error: Could not open script file. Aborting execution! (error 6: the handle is invalid.) - also got the same two messages upon closing avenger2

What next?


screen317 Hi again, tried ComboFix - was able to download & open only thru the 'run as' box - only to get a small pop-up that looked like a pop-up that I used to get when Spybot S&D used to open (like a progress bar) - but after fifteen minutes it did NOT do anything - couldn't close it so went to task manager & saw a ComboFix.exe process (0 % usage) - terminated it - deleted ComboFix & re-tried the procedure - same results - GRRRR!


Hmm.

Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to salp.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\salp.bat" /killall

See if ComboFix will run now.

-screen317

Tried this & looked like it was working till entering - "%userprofile%\desktop\salp.bat" /killall - got an error box - Windows cannot find 'userprofile%\desktop\salp.bat.exe' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search

I tried it a couple of times!

screen317, THANX for sticking with me to solve this. Sal


Did you copy this directly?

"%userprofile%\desktop\salp.bat" /killall

The error means you typed in...

"userprofile%\desktop\salp.bat.exe" /killall

...instead.

Hi screen317 -- sorry for the delay -- things got worse, I'm no longer able to get firefox to open on that machine & seems to have 'lost' my desktop background & screensaver, so I 'resurrected' an older Dell that I had laying around so I could get on the net!

I re-tried the process again & the error message is - - Windows cannot find "C:\Documents and Settings 'userprofile%\desktop\salp.bat' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search

NO .exe this time!

Please advise!

Thanx!


  • Staff

That error just means you're typing in the command incorrectly.

Do this instead:

Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.

Navigate to File --> Save As..., and save the file as fix.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

@echo off
"%userprofile%\desktop\salp.bat" /killall

Now navigate to your Desktop, and double click fix.bat

ComboFix should run now.

Hey screen317, thanx so much for the reply & continued help...

I had to try doing what you suggested above, BUT with doing it to a usb thumbdrive since the problem machine can no longer access the net -- it seemed to work somewhat BUT I only get a very brief glance at a DOS window that has a header of C:\Windows\system\cmd.exe -- it cancels out so fast I can NOT read the black dialog error!

Keeping in mind that the machine can NOT access the net, what would be my next try?

Is there something I can download with the thumb drive? -- I did try to re-install a renamed copy of Malwarebytes, but that did NOT work!

I hate to keep saying thanx but, THANX!


Run Win32kDiag again and post its log.

Also, which letter drive is your flash drive plugged into?

-screen317

This time around Win32kDiag WON'T run! GRRR! --- I get a DOS window with -

Starting up...

WARNING: Could not get Destop directory - log file will be at:C:\

Press any key to continue . . .

And the drive letter for the flash drive is - Removable Disk (G:)


Grab a new copy of ComboFix; rename it to salp.exe and save it to your flash drive.

Now on the infected computer, insert the flash drive.

Next, navigate to Start --> Run, then copy and paste the following command into the white box:

"G:\salp.exe" /killall

See if it will run now.

-screen317


SCREEN317 ROCKS!!!!!!

YEAAAA!! finally got ComboFix to run with your last post!!! Now finally it seems like we're getting somewhere!!

I'm pasting the ComboFix log file below -

2009-10-17 21:01:58 . 2009-10-17 21:01:58 2,240 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Malwarebytes' Anti-Malware_is1.reg.dat

2009-10-17 21:01:58 . 2009-10-17 21:01:58 1,814 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-3554AA4B-9B0B-451a-A269-2B5F53982209_is1.reg.dat

2009-10-17 21:01:45 . 2009-10-17 21:01:45 498 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-mlJASjhH.reg.dat

2009-10-17 21:01:44 . 2009-10-17 21:01:44 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-mumizupag-{9951895d-7235-4e80-9854-febd7b9a8851}.reg.dat

2009-10-17 21:01:42 . 2009-10-17 21:01:42 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{9951895d-7235-4e80-9854-febd7b9a8851}.reg.dat

2009-10-17 21:01:38 . 2009-10-17 21:01:38 194 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Explorer_Run-bp1mOupjbm.reg.dat

2009-10-17 21:01:38 . 2009-10-17 21:01:38 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-Advanced Virus Remover.reg.dat

2009-10-17 21:01:37 . 2009-10-17 21:01:37 129 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-monumiloka.reg.dat

2009-10-17 21:01:37 . 2009-10-17 21:01:37 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-litagepuv.reg.dat

2009-10-17 21:01:37 . 2009-10-17 21:01:37 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-60646527.reg.dat

2009-10-17 21:01:37 . 2009-10-17 21:01:37 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-07322620.reg.dat

2009-10-17 21:01:37 . 2009-10-17 21:01:37 151 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-62188732.reg.dat

2009-10-17 21:01:32 . 2009-10-17 21:01:32 149 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-litagepuv.reg.dat

2009-10-17 21:01:31 . 2009-10-17 21:01:31 351 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{19781288-285b-4651-9d02-377ad26e7b29}.reg.dat

2009-10-17 20:57:12 . 2009-06-26 15:59:37 620,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\mta13187.dll.vir

2009-10-17 20:50:01 . 2009-10-17 20:50:01 2,534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_mdtdisk.reg.dat

2009-10-17 20:50:01 . 2009-10-17 20:50:01 4,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_6to4.reg.dat

2009-10-17 20:50:01 . 2009-10-17 20:50:01 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}.reg.dat

2009-10-17 20:50:01 . 2009-10-17 20:50:01 1,208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MDTDISK.reg.dat

2009-10-17 20:50:01 . 2009-10-17 20:50:01 860 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANTIPPRO2009_100.reg.dat

2009-10-17 20:50:01 . 2009-10-17 20:50:01 990 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_6TO4.reg.dat

2009-10-17 20:49:53 . 2009-10-17 20:49:53 7,767 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2009-10-17 20:17:44 . 2009-10-17 20:17:44 1,131 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_kungsfjovashnp.reg.dat

2009-10-17 20:17:42 . 2009-10-17 20:17:42 1,591 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_hjgruiwsuebrql.reg.dat

2009-10-17 20:11:14 . 2009-10-17 20:11:14 0 ----a-w- C:\Qoobox\Quarantine\catchme.log

2009-10-13 16:33:27 . 2009-10-13 16:39:03 52,736 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dirupahu.dll.vir

2009-10-13 16:28:36 . 2009-10-13 16:38:33 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nuvoyijo.dll.vir

2009-10-11 16:25:26 . 2009-10-11 16:25:26 274 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\60646527\60646527.bat.vir

2009-10-11 16:25:26 . 2009-10-11 16:25:26 1,050,147 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\60646527\60646527.exe.vir

2009-10-11 15:25:51 . 2009-10-11 15:25:51 13,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruissibnmpx.dll.vir

2009-10-08 03:33:07 . 2009-10-08 03:33:07 274 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\07322620\07322620.bat.vir

2009-10-08 03:33:07 . 2009-10-08 03:33:07 1,050,147 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\07322620\07322620.exe.vir

2009-10-07 14:37:37 . 2009-10-07 14:37:37 1,050,147 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\62188732\62188732.exe.vir

2009-10-07 13:53:06 . 2009-10-07 13:53:06 21,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruinpaowfbv.dll.vir

2009-10-06 13:36:40 . 2009-10-06 13:36:40 13,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruircmxdvmf.dll.vir

2009-10-05 14:40:57 . 2009-10-05 14:40:58 1,849 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2241974040\2241974040.cfg.vir

2009-10-05 14:40:57 . 2009-10-05 14:40:57 1,048,099 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2241974040\2241974040.exe.vir

2009-10-05 02:31:43 . 2009-10-05 02:31:43 272 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9081900915\9081900915.bat.vir

2009-10-05 02:31:43 . 2009-10-05 02:31:43 1,689 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9081900915\9081900915.cfg.vir

2009-10-05 02:31:43 . 2009-10-05 02:31:43 1,048,611 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9081900915\9081900915.exe.vir

2009-10-04 02:31:27 . 2009-10-04 02:31:27 272 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\6750707535\6750707535.bat.vir

2009-10-04 02:31:27 . 2009-10-04 02:31:27 1,689 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\6750707535\6750707535.cfg.vir

2009-10-04 02:31:27 . 2009-10-04 02:31:27 1,048,099 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\6750707535\6750707535.exe.vir

2009-10-03 14:37:02 . 2009-10-03 14:37:03 1,849 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9045131913\9045131913.cfg.vir

2009-10-03 14:37:02 . 2009-10-03 14:37:02 1,048,611 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9045131913\9045131913.exe.vir

2009-10-02 14:30:44 . 2009-10-02 14:30:44 272 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2628233894\2628233894.bat.vir

2009-10-02 14:30:44 . 2009-10-02 14:30:44 1,689 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2628233894\2628233894.cfg.vir

2009-10-02 14:30:44 . 2009-10-02 14:30:44 1,048,611 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2628233894\2628233894.exe.vir

2009-10-02 14:25:49 . 2009-10-02 14:34:53 17,818 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\uacinit.dll.vir

2009-10-02 14:25:33 . 2009-10-02 14:25:33 19,968 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxbhemqpkap.dll.vir

2009-10-02 14:25:29 . 2009-10-02 14:25:40 22,528 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir

2009-10-02 14:25:27 . 2009-10-02 14:25:27 15,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\utdoinfeyp.dll.vir

2009-10-02 14:25:19 . 2009-10-02 14:25:25 1,245,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChfqxovnras.dll.vir

2009-10-02 14:25:18 . 2009-10-17 19:41:47 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\win32k.sys.vir

2009-10-02 14:25:16 . 2009-10-02 14:25:17 705 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqwerftijob.dat.vir

2009-10-02 14:25:16 . 2009-10-02 14:25:16 59,392 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrnavipbxxn.dll.vir

2009-10-02 14:25:16 . 2009-10-02 14:25:16 82,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACosbedicjws.dll.vir

2009-10-02 14:25:16 . 2009-10-02 14:25:16 103,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACwrumbpfuvk.sys.vir

2009-10-02 14:25:14 . 2009-10-02 14:25:28 831 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir

2009-10-02 14:25:13 . 2009-10-02 14:25:11 45,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir

2009-09-30 00:48:04 . 2009-10-13 20:03:42 49,023 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\certstore.dat.vir

2009-09-27 17:43:39 . 2009-09-27 18:01:47 4 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bincd32.dat.vir

2009-09-13 15:10:26 . 2009-09-13 15:10:26 14 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\iniasd.txt.vir

2009-09-13 13:06:35 . 2009-09-13 13:06:35 102 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\sonhelp.htm.vir

2009-09-10 01:11:56 . 2009-10-07 13:53:07 21,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruimxbnevpt.dll.vir

2009-09-04 12:59:25 . 2009-09-04 12:59:25 14,743 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\gero.reg.vir

2009-09-04 12:59:25 . 2009-09-04 12:59:25 10,389 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\syro.vbs.vir

2009-09-04 12:59:25 . 2009-09-04 12:59:25 10,885 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\udumud.vbs.vir

2009-09-04 12:59:25 . 2009-09-04 12:59:25 17,439 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\beket.reg.vir

2009-09-04 12:59:25 . 2009-09-04 12:59:25 17,127 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Cookies\xygidyh._sy.vir

2009-07-13 16:39:06 . 2009-07-13 16:39:06 52,736 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bubopoyu.dll.vir

2009-07-13 16:39:06 . 2009-07-13 16:39:06 52,736 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fomegozu.dll.vir

2009-07-13 16:39:06 . 2009-07-13 16:39:06 52,736 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\mehoguhi.dll.vir

2009-07-13 16:33:22 . 2009-10-13 16:33:32 1,050,659 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\setunude.exe.vir

2009-07-13 16:33:22 . 2009-07-13 16:33:22 39,502 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gakemojo.dll.vir

2009-07-13 16:33:22 . 2009-10-13 16:33:24 91,136 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dapotado.dll.vir

2009-07-13 16:33:22 . 2009-07-13 16:33:22 1,011,650 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hajutuki.exe.vir

2009-07-13 16:33:22 . 2009-07-13 16:33:22 52,814 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kasiyebo.dll.vir

2009-07-12 04:25:25 . 2009-10-12 04:25:27 1,011,354 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lohowopo.exe.vir

2009-07-11 16:25:18 . 2009-10-11 16:25:25 1,050,147 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dojisino.exe.vir

2009-07-11 16:25:18 . 2009-10-11 16:25:20 194,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\godisida.exe.vir

2009-07-11 16:25:18 . 2009-07-11 16:25:18 1,011,426 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\sohibesi.exe.vir

2009-07-11 16:25:18 . 2009-10-11 16:25:19 91,136 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dorebehi.dll.vir

2009-07-08 15:32:47 . 2009-07-08 15:32:47 1,011,324 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pikorahi.exe.vir

2009-07-08 03:32:47 . 2009-10-08 03:33:06 1,050,147 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\laduwowa.exe.vir

2009-07-08 03:32:47 . 2009-07-08 03:32:47 39,502 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bagipimu.dll.vir

2009-07-07 14:32:32 . 2009-07-07 14:32:32 1,050,225 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zeyosego.exe.vir

2009-07-07 14:32:32 . 2009-10-07 14:32:33 91,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tejahazu.dll.vir

2009-07-07 02:32:20 . 2009-07-07 02:32:20 39,502 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zagidato.dll.vir

2009-07-06 02:31:55 . 2009-10-06 02:32:01 1,048,611 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pulamiwa.exe.vir

2009-07-06 02:31:55 . 2009-07-06 02:31:55 39,502 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pirovowi.dll.vir

2009-07-05 14:31:50 . 2009-07-05 14:31:50 1,048,177 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zumijane.exe.vir

2009-07-05 02:31:38 . 2009-10-05 02:31:42 1,048,611 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\yobiseha.exe.vir

2009-07-05 02:31:38 . 2009-10-05 02:31:39 91,136 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lehelojo.dll.vir

2009-07-04 14:31:32 . 2009-07-04 14:31:32 1,048,177 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dakivepu.exe.vir

2009-07-04 02:31:23 . 2009-07-04 02:31:23 90,702 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pafihuba.dll.vir

2009-07-03 14:30:55 . 2009-07-03 14:30:55 1,048,689 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fonadohu.exe.vir

2009-07-03 02:30:42 . 2009-10-03 02:30:43 38,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\foyamugu.dll.vir

2009-07-03 02:30:42 . 2009-10-03 02:31:13 52,224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\derupili.dll.vir

2009-07-02 14:30:38 . 2009-10-02 14:30:43 1,048,611 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fonemike.exe.vir

2009-06-28 05:14:02 . 2009-10-17 20:12:06 43 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruihghomedn.dat.vir

2009-06-28 05:12:57 . 2009-09-10 01:24:30 20,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruiyaoevayl.dll.vir

2009-06-28 05:12:50 . 2009-10-17 20:12:06 1,515,465 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruilvobimnn.dat.vir

2009-06-28 05:12:50 . 2009-06-28 05:12:50 44,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruifssylqiv.dll.vir

2009-06-28 05:12:50 . 2009-06-28 05:12:50 69,632 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hjgruidsxfgyth.sys.vir

2009-05-28 05:11:45 . 2009-06-06 14:09:51 551,055 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kungsfyarprwlq.dat.vir

2009-01-28 05:13:12 . 2009-01-28 08:39:47 144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\676773917.dat.vir

2007-05-20 20:48:24 . 2009-10-13 16:38:33 5,192 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir

2007-05-20 20:48:24 . 2009-10-13 16:38:33 4,232 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir

2004-08-10 16:51:11 . 2004-08-04 09:00:00 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir

2004-08-10 16:51:11 . 2004-08-04 09:00:00 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Iasv32.dll.vir

2004-08-10 16:51:11 . 2004-08-04 09:00:00 2,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\isasdk.sys.vir

2004-08-10 16:51:06 . 2004-08-04 09:00:00 61,952 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir

2004-08-04 09:00:00 . 2004-08-04 09:00:00 268 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Install.txt.vir

2004-08-04 09:00:00 . 2004-08-04 09:00:00 5 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\FInstall.sys.vir

2004-08-04 09:00:00 . 2004-08-04 09:00:00 268 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Install.txt.vir

2004-08-04 09:00:00 . 2004-08-04 09:00:00 130,560 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wiwow64.exe.vir


Hi,

Looks like you posted the wrong log; post the contents of this file please:

C:\ComboFix.txt

I thought we were on the right track? :D

That was the text file created by ComboFix - I did a search for C:\ComboFix.txt - found nothing! - Since we renamed it to salp.exe, I looked for a text document that way - NONE! - I did a search for all .txt files & the only other one for that day is a SchedLgu.txt file that looks unlike any other ComboFix posting that I've seen on the forum!

What's next? :D

PS - thanx again for your efforts!


  • Staff

It ran fine, don't worry. I can see what it deleted from that log, so it's okay.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Here is the DDS log --

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 5/20/2007 4:37:09 PM

System Uptime: 10/20/2009 10:49:30 AM (3 hours ago)

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz

Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 71 GiB total, 59.659 GiB free.

D: is CDROM ()

F: is CDROM (CDFS)

G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Service: E100B

==== System Restore Points ===================

RP1: 10/18/2009 11:53:38 AM - System Checkpoint

RP2: 10/20/2009 10:17:13 AM - Software Distribution Service 3.0

RP3: 10/20/2009 10:53:31 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0.9

AOLIcon

AVG 8.5

Bounce Bully

BurnAware Free 2.3.3

CCleaner (remove only)

CDDRV_Installer

Corel Photo Album 6

Coupon Printer for Windows

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell System Restore

Digital Content Portal

EPSON Printer Software

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 15

KhalInstallWrapper

Learn2 Player (Uninstall Only)

Logitech SetPoint

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office Small Business Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mozilla Firefox (3.0.10)

Mozilla Thunderbird (2.0.0.23)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

OpenOffice.org Installer 1.0

PC Pitstop Driver Alert 1.0.0.13

Qualxserve Service Agreement

QuickTime

RealPlayer

SearchAssist

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB947864)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

SimCopter

Sonic Activation Module

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

TBS WMP Plug-in

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

URL Assistant

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebCyberCoach 3.2 Dell

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

10/20/2009 10:53:49 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.67.940.0).

10/20/2009 10:25:20 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

10/20/2009 10:03:46 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTSMLBIZ service terminated unexpectedly. It has done this 1 time(s).

10/17/2009 4:53:01 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MDTDISK\0000 disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (PPTP)' (Root\MS_PPTPMINIPORT\0000) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Video Codecs' (Root\MEDIA\MS_MMVID) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Plug and Play Software Device Enumerator' (Root\SYSTEM\0000) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Microsoft System Management BIOS Driver' (Root\SYSTEM\0002) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Microcode Update Device' (Root\SYSTEM\0001) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Media Control Devices' (Root\MEDIA\MS_MMMCI) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Legacy Video Capture Devices' (Root\MEDIA\MS_MMVCD) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Legacy Audio Drivers' (Root\MEDIA\MS_MMDRV) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Audio Codecs' (Root\MEDIA\MS_MMACM) disappeared from the system without first being prepared for removal.

10/17/2009 4:44:59 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: Access is denied.

10/17/2009 4:17:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

10/17/2009 4:12:31 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

10/17/2009 4:12:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

10/17/2009 4:12:31 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

10/17/2009 4:11:10 PM, error: SRService [104] - The System Restore initialization process failed.

10/17/2009 4:07:29 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

10/14/2009 12:03:50 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

10/14/2009 12:03:50 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

10/13/2009 5:21:36 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MJS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6EC30E0D-BE46-41F0-977E. The master browser is stopping or an election is being forced.

10/13/2009 5:03:05 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MJS.

10/13/2009 4:45:42 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.2. The machine with the IP address 192.168.0.5 did not allow the name to be claimed by this machine.

10/13/2009 3:40:09 PM, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%5" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

10/13/2009 12:54:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

10/13/2009 12:54:16 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/13/2009 12:54:12 PM, error: Service Control Manager [7034] - The BtwSrv service terminated unexpectedly. It has done this 1 time(s).

10/13/2009 12:54:05 PM, error: Service Control Manager [7022] - The BtwSrv service hung on starting.

10/13/2009 12:53:17 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.

10/13/2009 12:53:17 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The system cannot find the file specified.

10/13/2009 12:53:17 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.

10/13/2009 12:34:52 PM, error: Service Control Manager [7034] - The fastnetsrv Service service terminated unexpectedly. It has done this 1 time(s).

10/13/2009 12:33:06 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00184D340B6A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================

NOTE -- still NO internet access available, so I can't run the online F scan!

I will do the security check next through the thumb drive, hopefully.

Thanx, Sal


Here is the Security Check .txt file --

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 8.5

``````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

Windows Defender

CCleaner (remove only)

Java 6 Update 15

Adobe Flash Player 10

Adobe Reader 7.0.9

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
