donj Posted February 13, 2010 ID:199142 Share Posted February 13, 2010 Malewarebytes scan detects and removes HIJACK.REGEDIT, however it keeps coming back. I also ran Combofix. The computer has an internet connection, but the browsers (IE, Firefox, Chrome) will not open a web page. I have included the log files. Any help will be much appreciated!mbam_log_2010_02_12__20_52_48_.txtlog.txt Link to post Share on other sites More sharing options...
donj Posted February 13, 2010 Author ID:199147 Share Posted February 13, 2010 Malewarebytes scan detects and removes HIJACK.REGEDIT, however it keeps coming back. I also ran Combofix. The computer has an internet connection, but the browsers (IE, Firefox, Chrome) will not open a web page. I have included the log files. Any help will be much appreciated!Combofix must have fixed the registry error...I just ran a quick scan and their is 0 infections now. However, I still cannot connect to the internet. Link to post Share on other sites More sharing options...
donj Posted February 13, 2010 Author ID:199451 Share Posted February 13, 2010 Combofix must have fixed the registry error...I just ran a quick scan and their is 0 infections now. However, I still cannot connect to the internet.I just did a scan with DDS and attached the results. Still cannot open web pages.DDS.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted February 14, 2010 ID:199947 Share Posted February 14, 2010 Hi, donj Lets give it a try. Some programs may be compromised.Copy the entire contents of the Code Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktophttp://forums.malwarebytes.org/index.php?act=ST&f=7&t=39848Collect::c:\windows\system32\aexarasug.exec:\windows\system32\accesse.exec:\windows\system32\ndismgr.sysFCopy::c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sysFile::c:\program files\20484187.datc:\program files\20483640.datc:\program files\20459281.datc:\program files\20458718.datc:\program files\1475171.datc:\program files\1117984.datc:\program files\894875.datc:\program files\24539093.datc:\documents and settings\Don\Application Data\gaboln\hxmrsftav .exeDirLook::c:\documents and settings\Don\Application Data\gabolnc:\documents and settings\Administrator\Local Settings\Application Data\dgakthc:\documents and settings\Administrator\Local Settings\Application Data\fnlxtkc:\documents and settings\Administrator\Local Settings\Application Data\ybchsec:\documents and settings\Administrator\Local Settings\Application Data\rorqsxc:\documents and settings\Administrator\Local Settings\Application Data\uquibpc:\documents and settings\Administrator\Local Settings\Application Data\fvawxdc:\documents and settings\Administrator\Local Settings\Application Data\fcaahic:\documents and settings\Administrator\Local Settings\Application Data\yivbrqc:\documents and settings\Administrator\Local Settings\Application Data\rvlkrkc:\documents and settings\Administrator\Local Settings\Application Data\dgyveic:\documents and settings\Administrator\Local Settings\Application Data\yfesmoc:\documents and settings\Administrator\Local Settings\Application Data\dvmgkvc:\documents and settings\Administrator\Application Data\uskiwac:\documents and settings\Administrator\Local Settings\Application Data\uskiwac:\documents and settings\Administrator\Local Settings\Application Data\kvtrffc:\documents and settings\Administrator\Local Settings\Application Data\mfqqcic:\documents and settings\Administrator\Local Settings\Application Data\hjahoqc:\documents and settings\Administrator\Application Data\kfaesuc:\documents and settings\Administrator\Local Settings\Application Data\kfaesuc:\documents and settings\Administrator\Local Settings\Application Data\waegsdc:\documents and settings\Administrator\Local Settings\Application Data\xmoqogc:\documents and settings\Administrator\Local Settings\Application Data\csgjfqc:\documents and settings\Administrator\Local Settings\Application Data\bfakvpc:\documents and settings\Administrator\Local Settings\Application Data\scxmjuc:\documents and settings\Administrator\Local Settings\Application Data\efqqghc:\documents and settings\Administrator\Local Settings\Application Data\nylugrc:\documents and settings\Administrator\Local Settings\Application Data\ueaermc:\documents and settings\Administrator\Local Settings\Application Data\dtxfhcc:\documents and settings\Administrator\Local Settings\Application Data\rlvfsec:\documents and settings\Administrator\Local Settings\Application Data\vwwvyyc:\documents and settings\Administrator\Local Settings\Application Data\syageoc:\documents and settings\Don\Local Settings\Application Data\abietkc:\documents and settings\Don\Local Settings\Application Data\ufrtfsc:\documents and settings\Don\Local Settings\Application Data\wvjbshc:\documents and settings\Don\Local Settings\Application Data\fmjtagc:\documents and settings\Don\Local Settings\Application Data\iloebwc:\documents and settings\Don\Local Settings\Application Data\sfkibgc:\documents and settings\Don\Local Settings\Application Data\tvcpnuc:\documents and settings\Don\Local Settings\Application Data\itddfoc:\documents and settings\Don\Local Settings\Application Data\gfwhqac:\documents and settings\Administrator\Local Settings\Application Data\gkalbic:\documents and settings\Administrator\Local Settings\Application Data\cbsmjtc:\documents and settings\Administrator\Local Settings\Application Data\yvtjiqc:\documents and settings\Don\Local Settings\Application Data\hlwkjfc:\documents and settings\Don\Local Settings\Application Data\jkkmibc:\documents and settings\Don\Local Settings\Application Data\ubalarc:\documents and settings\Don\Application Data\fbwefsc:\documents and settings\Don\Local Settings\Application Data\fbwefsc:\documents and settings\Don\Application Data\yomnfmc:\documents and settings\Don\Local Settings\Application Data\yomnfmc:\documents and settings\Don\Local Settings\Application Data\hrvqjoc:\documents and settings\Don\Local Settings\Application Data\wufaqtc:\documents and settings\Don\Local Settings\Application Data\bnsrrxc:\documents and settings\Don\Local Settings\Application Data\vkgapuc:\documents and settings\Don\Local Settings\Application Data\mlcxyac:\documents and settings\Don\Local Settings\Application Data\fdkcowc:\documents and settings\Don\Local Settings\Application Data\lllwyrc:\documents and settings\Don\Local Settings\Application Data\pehutxc:\documents and settings\Don\Application Data\kdhopuc:\documents and settings\Don\Local Settings\Application Data\kdhopuc:\documents and settings\Don\Local Settings\Application Data\rivwbqc:\documents and settings\Administrator\Local Settings\Application Data\xonubkc:\documents and settings\Administrator\Local Settings\Application Data\bwrapuc:\documents and settings\Administrator\Local Settings\Application Data\nspvyvc:\documents and settings\Administrator\Local Settings\Application Data\tbqpirc:\documents and settings\Administrator\Local Settings\Application Data\urjwugc:\documents and settings\Administrator\Local Settings\Application Data\pvsmhoc:\documents and settings\Administrator\Local Settings\Application Data\bggytmc:\documents and settings\Administrator\Local Settings\Application Data\enqmtpc:\documents and settings\Administrator\Local Settings\Application Data\iluhfhc:\documents and settings\Administrator\Local Settings\Application Data\txntbrc:\documents and settings\Administrator\Local Settings\Application Data\lukvovc:\documents and settings\Administrator\Local Settings\Application Data\rjhxmdc:\documents and settings\Administrator\Local Settings\Application Data\cirftfc:\documents and settings\Administrator\Local Settings\Application Data\mcmjtoc:\documents and settings\Administrator\Local Settings\Application Data\usldbmc:\documents and settings\Administrator\Local Settings\Application Data\djkvjlc:\documents and settings\Administrator\Local Settings\Application Data\yelsiic:\documents and settings\Administrator\Local Settings\Application Data\Adobec:\documents and settings\Administrator\Local Settings\Application Data\feyrpuc:\documents and settings\Administrator\Local Settings\Application Data\tjtmwac:\documents and settings\Administrator\Local Settings\Application Data\qhowqrc:\documents and settings\Administrator\Local Settings\Application Data\kufgplc:\documents and settings\Administrator\Local Settings\Application Data\irksuqc:\documents and settings\Administrator\Local Settings\Application Data\oylmelc:\documents and settings\Administrator\Local Settings\Application Data\lmrcowc:\documents and settings\Administrator\Local Settings\Application Data\wwfnbuc:\documents and settings\HP_Administrator\Local Settings\Application Data\xdlqitc:\documents and settings\Don\Local Settings\Application Data\kgbsoec:\documents and settings\Don\Local Settings\Application Data\tavwonc:\documents and settings\Don\Local Settings\Application Data\puxunkc:\documents and settings\Don\Local Settings\Application Data\gxnjmvc:\documents and settings\Don\Local Settings\Application Data\hogqykc:\documents and settings\Don\Local Settings\Application Data\lxhknac:\documents and settings\Don\Local Settings\Application Data\togeuyc:\documents and settings\Don\Local Settings\Application Data\eytphwc:\documents and settings\Don\Local Settings\Application Data\xmkygqc:\documents and settings\Administrator\Application Data\qrkfmac:\documents and settings\Administrator\Local Settings\Application Data\qrkfmac:\documents and settings\Administrator\Local Settings\Application Data\vissjhc:\documents and settings\Don\Local Settings\Application Data\canyjjc:\documents and settings\Don\Local Settings\Application Data\rbkwsoc:\documents and settings\Don\Local Settings\Application Data\cbhpxqc:\documents and settings\Don\Local Settings\Application Data\nlbgbvc:\documents and settings\Don\Local Settings\Application Data\taxiacc:\documents and settings\Don\Local Settings\Application Data\aotkyjRenV::c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exec:\program files\Common Files\Adobe\ARM\1.0\adobearm .exec:\program files\Common Files\Real\Update_OB\realsched .exec:\program files\Dell AIO Printer A960\dlbfbmgr .exec:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exec:\program files\iTunes\ituneshelper .exec:\program files\Malwarebytes' Anti-Malware\mbam .exec:\program files\Norton Internet Security\urllstck .exec:\program files\Spyware Doctor\pctstray .exec:\windows\ehome\ehtray .exeRegistry::[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sefjhf98jfoidsfoishgoiusgdgfgd]Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.Ensure you are connected to the internet and click OK on the message box. (This may not even happen in your condition.)====================================================================Please download SystemLook from one of the links below and save it to your Desktop.Download Mirror #1Download Mirror #2Double-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield::filefindctfmon.exerundll32.exeClick the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:199962 Share Posted February 15, 2010 Hi, donj Lets give it a try. Some programs may be compromised.Copy the entire contents of the Code Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktophttp://forums.malwarebytes.org/index.php?act=ST&f=7&t=39848Collect::c:\windows\system32\aexarasug.exec:\windows\system32\accesse.exec:\windows\system32\ndismgr.sysFCopy::c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sysFile::c:\program files\20484187.datc:\program files\20483640.datc:\program files\20459281.datc:\program files\20458718.datc:\program files\1475171.datc:\program files\1117984.datc:\program files\894875.datc:\program files\24539093.datc:\documents and settings\Don\Application Data\gaboln\hxmrsftav .exeDirLook::c:\documents and settings\Don\Application Data\gabolnc:\documents and settings\Administrator\Local Settings\Application Data\dgakthc:\documents and settings\Administrator\Local Settings\Application Data\fnlxtkc:\documents and settings\Administrator\Local Settings\Application Data\ybchsec:\documents and settings\Administrator\Local Settings\Application Data\rorqsxc:\documents and settings\Administrator\Local Settings\Application Data\uquibpc:\documents and settings\Administrator\Local Settings\Application Data\fvawxdc:\documents and settings\Administrator\Local Settings\Application Data\fcaahic:\documents and settings\Administrator\Local Settings\Application Data\yivbrqc:\documents and settings\Administrator\Local Settings\Application Data\rvlkrkc:\documents and settings\Administrator\Local Settings\Application Data\dgyveic:\documents and settings\Administrator\Local Settings\Application Data\yfesmoc:\documents and settings\Administrator\Local Settings\Application Data\dvmgkvc:\documents and settings\Administrator\Application Data\uskiwac:\documents and settings\Administrator\Local Settings\Application Data\uskiwac:\documents and settings\Administrator\Local Settings\Application Data\kvtrffc:\documents and settings\Administrator\Local Settings\Application Data\mfqqcic:\documents and settings\Administrator\Local Settings\Application Data\hjahoqc:\documents and settings\Administrator\Application Data\kfaesuc:\documents and settings\Administrator\Local Settings\Application Data\kfaesuc:\documents and settings\Administrator\Local Settings\Application Data\waegsdc:\documents and settings\Administrator\Local Settings\Application Data\xmoqogc:\documents and settings\Administrator\Local Settings\Application Data\csgjfqc:\documents and settings\Administrator\Local Settings\Application Data\bfakvpc:\documents and settings\Administrator\Local Settings\Application Data\scxmjuc:\documents and settings\Administrator\Local Settings\Application Data\efqqghc:\documents and settings\Administrator\Local Settings\Application Data\nylugrc:\documents and settings\Administrator\Local Settings\Application Data\ueaermc:\documents and settings\Administrator\Local Settings\Application Data\dtxfhcc:\documents and settings\Administrator\Local Settings\Application Data\rlvfsec:\documents and settings\Administrator\Local Settings\Application Data\vwwvyyc:\documents and settings\Administrator\Local Settings\Application Data\syageoc:\documents and settings\Don\Local Settings\Application Data\abietkc:\documents and settings\Don\Local Settings\Application Data\ufrtfsc:\documents and settings\Don\Local Settings\Application Data\wvjbshc:\documents and settings\Don\Local Settings\Application Data\fmjtagc:\documents and settings\Don\Local Settings\Application Data\iloebwc:\documents and settings\Don\Local Settings\Application Data\sfkibgc:\documents and settings\Don\Local Settings\Application Data\tvcpnuc:\documents and settings\Don\Local Settings\Application Data\itddfoc:\documents and settings\Don\Local Settings\Application Data\gfwhqac:\documents and settings\Administrator\Local Settings\Application Data\gkalbic:\documents and settings\Administrator\Local Settings\Application Data\cbsmjtc:\documents and settings\Administrator\Local Settings\Application Data\yvtjiqc:\documents and settings\Don\Local Settings\Application Data\hlwkjfc:\documents and settings\Don\Local Settings\Application Data\jkkmibc:\documents and settings\Don\Local Settings\Application Data\ubalarc:\documents and settings\Don\Application Data\fbwefsc:\documents and settings\Don\Local Settings\Application Data\fbwefsc:\documents and settings\Don\Application Data\yomnfmc:\documents and settings\Don\Local Settings\Application Data\yomnfmc:\documents and settings\Don\Local Settings\Application Data\hrvqjoc:\documents and settings\Don\Local Settings\Application Data\wufaqtc:\documents and settings\Don\Local Settings\Application Data\bnsrrxc:\documents and settings\Don\Local Settings\Application Data\vkgapuc:\documents and settings\Don\Local Settings\Application Data\mlcxyac:\documents and settings\Don\Local Settings\Application Data\fdkcowc:\documents and settings\Don\Local Settings\Application Data\lllwyrc:\documents and settings\Don\Local Settings\Application Data\pehutxc:\documents and settings\Don\Application Data\kdhopuc:\documents and settings\Don\Local Settings\Application Data\kdhopuc:\documents and settings\Don\Local Settings\Application Data\rivwbqc:\documents and settings\Administrator\Local Settings\Application Data\xonubkc:\documents and settings\Administrator\Local Settings\Application Data\bwrapuc:\documents and settings\Administrator\Local Settings\Application Data\nspvyvc:\documents and settings\Administrator\Local Settings\Application Data\tbqpirc:\documents and settings\Administrator\Local Settings\Application Data\urjwugc:\documents and settings\Administrator\Local Settings\Application Data\pvsmhoc:\documents and settings\Administrator\Local Settings\Application Data\bggytmc:\documents and settings\Administrator\Local Settings\Application Data\enqmtpc:\documents and settings\Administrator\Local Settings\Application Data\iluhfhc:\documents and settings\Administrator\Local Settings\Application Data\txntbrc:\documents and settings\Administrator\Local Settings\Application Data\lukvovc:\documents and settings\Administrator\Local Settings\Application Data\rjhxmdc:\documents and settings\Administrator\Local Settings\Application Data\cirftfc:\documents and settings\Administrator\Local Settings\Application Data\mcmjtoc:\documents and settings\Administrator\Local Settings\Application Data\usldbmc:\documents and settings\Administrator\Local Settings\Application Data\djkvjlc:\documents and settings\Administrator\Local Settings\Application Data\yelsiic:\documents and settings\Administrator\Local Settings\Application Data\Adobec:\documents and settings\Administrator\Local Settings\Application Data\feyrpuc:\documents and settings\Administrator\Local Settings\Application Data\tjtmwac:\documents and settings\Administrator\Local Settings\Application Data\qhowqrc:\documents and settings\Administrator\Local Settings\Application Data\kufgplc:\documents and settings\Administrator\Local Settings\Application Data\irksuqc:\documents and settings\Administrator\Local Settings\Application Data\oylmelc:\documents and settings\Administrator\Local Settings\Application Data\lmrcowc:\documents and settings\Administrator\Local Settings\Application Data\wwfnbuc:\documents and settings\HP_Administrator\Local Settings\Application Data\xdlqitc:\documents and settings\Don\Local Settings\Application Data\kgbsoec:\documents and settings\Don\Local Settings\Application Data\tavwonc:\documents and settings\Don\Local Settings\Application Data\puxunkc:\documents and settings\Don\Local Settings\Application Data\gxnjmvc:\documents and settings\Don\Local Settings\Application Data\hogqykc:\documents and settings\Don\Local Settings\Application Data\lxhknac:\documents and settings\Don\Local Settings\Application Data\togeuyc:\documents and settings\Don\Local Settings\Application Data\eytphwc:\documents and settings\Don\Local Settings\Application Data\xmkygqc:\documents and settings\Administrator\Application Data\qrkfmac:\documents and settings\Administrator\Local Settings\Application Data\qrkfmac:\documents and settings\Administrator\Local Settings\Application Data\vissjhc:\documents and settings\Don\Local Settings\Application Data\canyjjc:\documents and settings\Don\Local Settings\Application Data\rbkwsoc:\documents and settings\Don\Local Settings\Application Data\cbhpxqc:\documents and settings\Don\Local Settings\Application Data\nlbgbvc:\documents and settings\Don\Local Settings\Application Data\taxiacc:\documents and settings\Don\Local Settings\Application Data\aotkyjRenV::c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exec:\program files\Common Files\Adobe\ARM\1.0\adobearm .exec:\program files\Common Files\Real\Update_OB\realsched .exec:\program files\Dell AIO Printer A960\dlbfbmgr .exec:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exec:\program files\iTunes\ituneshelper .exec:\program files\Malwarebytes' Anti-Malware\mbam .exec:\program files\Norton Internet Security\urllstck .exec:\program files\Spyware Doctor\pctstray .exec:\windows\ehome\ehtray .exeRegistry::[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sefjhf98jfoidsfoishgoiusgdgfgd]Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.Ensure you are connected to the internet and click OK on the message box. (This may not even happen in your condition.)====================================================================Please download SystemLook from one of the links below and save it to your Desktop.Download Mirror #1Download Mirror #2Double-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield:Click the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txtThank you for your help and Sorry for the delay. Attached are the logs you requested.log2.txtSystemLook.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted February 15, 2010 ID:199967 Share Posted February 15, 2010 Enter your Control Panel and double-click on Network ConnectionsThen right click on your Default ConnectionUsually Local Area Connection for Cable and DSL, or AOL Connection.[*]Left click on Properties[*]Double-Click on the Internet Protocol (TCP/IP) item[*]Select the radio dial that says Obtain DNS Servers Automatically[*]Press OK twice to get out of the properties screenGo to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:netsh int ip reset C:\Resetlog.txtnetsh winsock reset catalogipconfig /flushdns (The space between g and / is needed)ExitRestart the computer.Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktopFolder::c:\documents and settings\Don\Application Data\gabolnc:\documents and settings\Administrator\Local Settings\Application Data\dgakthc:\documents and settings\Administrator\Local Settings\Application Data\fnlxtkc:\documents and settings\Administrator\Local Settings\Application Data\ybchsec:\documents and settings\Administrator\Local Settings\Application Data\rorqsxc:\documents and settings\Administrator\Local Settings\Application Data\uquibpc:\documents and settings\Administrator\Local Settings\Application Data\fvawxdc:\documents and settings\Administrator\Local Settings\Application Data\fcaahic:\documents and settings\Administrator\Local Settings\Application Data\yivbrqc:\documents and settings\Administrator\Local Settings\Application Data\rvlkrkc:\documents and settings\Administrator\Local Settings\Application Data\dgyveic:\documents and settings\Administrator\Local Settings\Application Data\yfesmoc:\documents and settings\Administrator\Local Settings\Application Data\dvmgkvc:\documents and settings\Administrator\Application Data\uskiwac:\documents and settings\Administrator\Local Settings\Application Data\uskiwac:\documents and settings\Administrator\Local Settings\Application Data\kvtrffc:\documents and settings\Administrator\Local Settings\Application Data\mfqqcic:\documents and settings\Administrator\Local Settings\Application Data\hjahoqc:\documents and settings\Administrator\Application Data\kfaesuc:\documents and settings\Administrator\Local Settings\Application Data\kfaesuc:\documents and settings\Administrator\Local Settings\Application Data\waegsdc:\documents and settings\Administrator\Local Settings\Application Data\xmoqogc:\documents and settings\Administrator\Local Settings\Application Data\csgjfqc:\documents and settings\Administrator\Local Settings\Application Data\bfakvpc:\documents and settings\Administrator\Local Settings\Application Data\scxmjuc:\documents and settings\Administrator\Local Settings\Application Data\efqqghc:\documents and settings\Administrator\Local Settings\Application Data\nylugrc:\documents and settings\Administrator\Local Settings\Application Data\ueaermc:\documents and settings\Administrator\Local Settings\Application Data\dtxfhcc:\documents and settings\Administrator\Local Settings\Application Data\rlvfsec:\documents and settings\Administrator\Local Settings\Application Data\vwwvyyc:\documents and settings\Administrator\Local Settings\Application Data\syageoc:\documents and settings\Don\Local Settings\Application Data\abietkc:\documents and settings\Don\Local Settings\Application Data\ufrtfsc:\documents and settings\Don\Local Settings\Application Data\wvjbshc:\documents and settings\Don\Local Settings\Application Data\fmjtagc:\documents and settings\Don\Local Settings\Application Data\iloebwc:\documents and settings\Don\Local Settings\Application Data\sfkibgc:\documents and settings\Don\Local Settings\Application Data\tvcpnuc:\documents and settings\Don\Local Settings\Application Data\itddfoc:\documents and settings\Don\Local Settings\Application Data\gfwhqac:\documents and settings\Administrator\Local Settings\Application Data\gkalbic:\documents and settings\Administrator\Local Settings\Application Data\cbsmjtc:\documents and settings\Administrator\Local Settings\Application Data\yvtjiqc:\documents and settings\Don\Local Settings\Application Data\hlwkjfc:\documents and settings\Don\Local Settings\Application Data\jkkmibc:\documents and settings\Don\Local Settings\Application Data\ubalarc:\documents and settings\Don\Application Data\fbwefsc:\documents and settings\Don\Local Settings\Application Data\fbwefsc:\documents and settings\Don\Application Data\yomnfmc:\documents and settings\Don\Local Settings\Application Data\yomnfmc:\documents and settings\Don\Local Settings\Application Data\hrvqjoc:\documents and settings\Don\Local Settings\Application Data\wufaqtc:\documents and settings\Don\Local Settings\Application Data\bnsrrxc:\documents and settings\Don\Local Settings\Application Data\vkgapuc:\documents and settings\Don\Local Settings\Application Data\mlcxyac:\documents and settings\Don\Local Settings\Application Data\fdkcowc:\documents and settings\Don\Local Settings\Application Data\lllwyrc:\documents and settings\Don\Local Settings\Application Data\pehutxc:\documents and settings\Don\Application Data\kdhopuc:\documents and settings\Don\Local Settings\Application Data\kdhopuc:\documents and settings\Don\Local Settings\Application Data\rivwbqc:\documents and settings\Administrator\Local Settings\Application Data\xonubkc:\documents and settings\Administrator\Local Settings\Application Data\bwrapuc:\documents and settings\Administrator\Local Settings\Application Data\nspvyvc:\documents and settings\Administrator\Local Settings\Application Data\tbqpirc:\documents and settings\Administrator\Local Settings\Application Data\urjwugc:\documents and settings\Administrator\Local Settings\Application Data\pvsmhoc:\documents and settings\Administrator\Local Settings\Application Data\bggytmc:\documents and settings\Administrator\Local Settings\Application Data\enqmtpc:\documents and settings\Administrator\Local Settings\Application Data\iluhfhc:\documents and settings\Administrator\Local Settings\Application Data\txntbrc:\documents and settings\Administrator\Local Settings\Application Data\lukvovc:\documents and settings\Administrator\Local Settings\Application Data\rjhxmdc:\documents and settings\Administrator\Local Settings\Application Data\cirftfc:\documents and settings\Administrator\Local Settings\Application Data\mcmjtoc:\documents and settings\Administrator\Local Settings\Application Data\usldbmc:\documents and settings\Administrator\Local Settings\Application Data\djkvjlc:\documents and settings\Administrator\Local Settings\Application Data\yelsiic:\documents and settings\Administrator\Local Settings\Application Data\Adobec:\documents and settings\Administrator\Local Settings\Application Data\feyrpuc:\documents and settings\Administrator\Local Settings\Application Data\tjtmwac:\documents and settings\Administrator\Local Settings\Application Data\qhowqrc:\documents and settings\Administrator\Local Settings\Application Data\kufgplc:\documents and settings\Administrator\Local Settings\Application Data\irksuqc:\documents and settings\Administrator\Local Settings\Application Data\oylmelc:\documents and settings\Administrator\Local Settings\Application Data\lmrcowc:\documents and settings\Administrator\Local Settings\Application Data\wwfnbuc:\documents and settings\HP_Administrator\Local Settings\Application Data\xdlqitc:\documents and settings\Don\Local Settings\Application Data\kgbsoec:\documents and settings\Don\Local Settings\Application Data\tavwonc:\documents and settings\Don\Local Settings\Application Data\puxunkc:\documents and settings\Don\Local Settings\Application Data\gxnjmvc:\documents and settings\Don\Local Settings\Application Data\hogqykc:\documents and settings\Don\Local Settings\Application Data\lxhknac:\documents and settings\Don\Local Settings\Application Data\togeuyc:\documents and settings\Don\Local Settings\Application Data\eytphwc:\documents and settings\Don\Local Settings\Application Data\xmkygqc:\documents and settings\Administrator\Application Data\qrkfmac:\documents and settings\Administrator\Local Settings\Application Data\qrkfmac:\documents and settings\Administrator\Local Settings\Application Data\vissjhc:\documents and settings\Don\Local Settings\Application Data\canyjjc:\documents and settings\Don\Local Settings\Application Data\rbkwsoc:\documents and settings\Don\Local Settings\Application Data\cbhpxqc:\documents and settings\Don\Local Settings\Application Data\nlbgbvc:\documents and settings\Don\Local Settings\Application Data\taxiacc:\documents and settings\Don\Local Settings\Application Data\aotkyjfile::c:\program files\42513593.datc:\program files\1966312.datOnce saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.Open the following file and post its contents:ComboFix-quarantined-files.txt Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:199977 Share Posted February 15, 2010 Windows said the fist command line in DOS 'netsh int ip reset C:\ Resetlog.txt' had the wrong syntax. I entered as shown here. I continued on with the rest of your instructions. The logs are attached.log3.txtComboFix_quarantined_files.txt Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:199983 Share Posted February 15, 2010 I went back and entered command without space after the slash 'netsh int ip reset C:\Resetlog.txt' and windows said 'could not obtain host info fom machine. some commands may not be available. the system cannot find the file specified.' Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:199994 Share Posted February 15, 2010 I connect to a wireless network in my house. Everytime I restart the computer I have to go to 'services' to start 'wireless zero configuration' which controls my wireless usb adapter. After I do this I can see avilable wireless networks and I am connected to my network. Link to post Share on other sites More sharing options...
JSntgRvr Posted February 15, 2010 ID:199998 Share Posted February 15, 2010 Something is producing lots of empty folders and files. Are you still unable to connect. The syntax is correct.Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktopDeQuarantine::C:\Qoobox\Quarantine\C\documents and settings\Administrator\Local Settings\Application Data\AdobeDriver::ImapiServiceSPBBCSvcWmiClipSrvndismgrFolder::c:\documents and settings\Administrator\Local Settings\Application Data\jenfakc:\documents and settings\Don\Local Settings\Application Data\tilheuc:\documents and settings\Don\Local Settings\Application Data\lfjjqyc:\documents and settings\Don\Local Settings\Application Data\huckalc:\documents and settings\Don\Local Settings\Application Data\eeshruc:\documents and settings\Don\Local Settings\Application Data\hybqlcc:\documents and settings\Don\Local Settings\Application Data\nhckvwc:\documents and settings\Don\Local Settings\Application Data\feamicc:\documents and settings\Don\Application Data\kdwxjbc:\documents and settings\Don\Local Settings\Application Data\kdwxjbc:\documents and settings\Don\Local Settings\Application Data\cusjwbc:\documents and settings\Don\Local Settings\Application Data\ydqcqbc:\documents and settings\Don\Local Settings\Application Data\bxylkic:\documents and settings\Don\Local Settings\Application Data\gvcgwac:\documents and settings\Don\Local Settings\Application Data\fllnpdc:\documents and settings\Don\Local Settings\Application Data\wijpcic:\documents and settings\Don\Local Settings\Application Data\pkvtvfc:\documents and settings\Don\Application Data\dbbtkic:\documents and settings\Don\Local Settings\Application Data\dbbtkic:\documents and settings\Don\Local Settings\Application Data\iyfowac:\documents and settings\Don\Local Settings\Application Data\qnrwgxc:\documents and settings\Administrator\Application Data\mwwedrc:\documents and settings\Administrator\Local Settings\Application Data\mwwedrc:\documents and settings\Administrator\Local Settings\Application Data\quaypjc:\documents and settings\Don\Local Settings\Application Data\smfyftc:\documents and settings\Don\Local Settings\Application Data\tfjqpic:\documents and settings\Don\Local Settings\Application Data\wxfplpc:\documents and settings\Don\Local Settings\Application Data\rbgkfyc:\documents and settings\Don\Local Settings\Application Data\mfobrhc:\documents and settings\Don\Local Settings\Application Data\qdsveac:\documents and settings\Don\Local Settings\Application Data\awnbejc:\documents and settings\Don\Local Settings\Application Data\hpyfjic:\documents and settings\Don\Local Settings\Application Data\rlcusxc:\documents and settings\Don\Local Settings\Application Data\ldhgajc:\documents and settings\Don\Local Settings\Application Data\okpntec:\documents and settings\Don\Local Settings\Application Data\lvjrfpc:\documents and settings\Don\Local Settings\Application Data\wttymrc:\documents and settings\Don\Local Settings\Application Data\gnodlbc:\documents and settings\Don\Local Settings\Application Data\gyknyac:\documents and settings\Don\Local Settings\Application Data\uqjmlbc:\documents and settings\Don\Local Settings\Application Data\mngpxgc:\documents and settings\Don\Application Data\cjuqqac:\documents and settings\Don\Local Settings\Application Data\cjuqqac:\documents and settings\Don\Local Settings\Application Data\guuhxuc:\documents and settings\Don\Local Settings\Application Data\qfisktc:\documents and settings\Don\Local Settings\Application Data\dgoljgc:\documents and settings\Don\Local Settings\Application Data\oltbftc:\documents and settings\Don\Local Settings\Application Data\qsfofwc:\documents and settings\Don\Local Settings\Application Data\vwtuvyc:\documents and settings\Don\Local Settings\Application Data\lwtvkoc:\documents and settings\Don\Local Settings\Application Data\ekkfkic:\documents and settings\Don\Local Settings\Application Data\rfogjqc:\documents and settings\Don\Local Settings\Application Data\oqikvcc:\documents and settings\Don\Local Settings\Application Data\wdyhmpc:\documents and settings\Don\Local Settings\Application Data\idtxanc:\documents and settings\Don\Local Settings\Application Data\qybnyxc:\documents and settings\Don\Local Settings\Application Data\qmucnsc:\documents and settings\Don\Local Settings\Application Data\ntgjisc:\documents and settings\Don\Local Settings\Application Data\karqdsc:\documents and settings\Don\Local Settings\Application Data\sfcaauc:\documents and settings\Don\Local Settings\Application Data\tjqchmc:\documents and settings\Don\Local Settings\Application Data\wqcpgpc:\documents and settings\Don\Local Settings\Application Data\wevnecc:\documents and settings\Don\Local Settings\Application Data\atvahxc:\documents and settings\Don\Local Settings\Application Data\vowwguc:\documents and settings\Don\Local Settings\Application Data\aawnmpc:\documents and settings\Don\Local Settings\Application Data\hplfwhc:\documents and settings\Don\Local Settings\Application Data\jgeljvc:\documents and settings\Don\Local Settings\Application Data\gpcbikc:\documents and settings\Don\Local Settings\Application Data\iguiuyc:\documents and settings\Don\Local Settings\Application Data\kngvucc:\documents and settings\Don\Local Settings\Application Data\qpysnmc:\documents and settings\Don\Local Settings\Application Data\jdocnfc:\documents and settings\Don\Local Settings\Application Data\diqeaoc:\documents and settings\Don\Local Settings\Application Data\hguymhc:\documents and settings\Don\Local Settings\Application Data\huqlysc:\documents and settings\Don\Local Settings\Application Data\cretvpc:\documents and settings\Don\Local Settings\Application Data\ddoersc:\documents and settings\Don\Local Settings\Application Data\ffakrkc:\documents and settings\Don\Local Settings\Application Data\bprtbrc:\documents and settings\Don\Local Settings\Application Data\gckbvtc:\documents and settings\Don\Local Settings\Application Data\ijvovwc:\documents and settings\Don\Local Settings\Application Data\xhdhexc:\documents and settings\Don\Local Settings\Application Data\typybqc:\documents and settings\Don\Local Settings\Application Data\wgbmbtc:\documents and settings\Don\Local Settings\Application Data\dbycfrc:\documents and settings\Don\Local Settings\Application Data\sjqieic:\documents and settings\Don\Local Settings\Application Data\flyqruc:\documents and settings\Don\Local Settings\Application Data\gcrwejc:\documents and settings\Don\Local Settings\Application Data\neqaoac:\documents and settings\Don\Local Settings\Application Data\courlpc:\documents and settings\Don\Local Settings\Application Data\astoiqc:\documents and settings\Don\Local Settings\Application Data\tgkxhjc:\documents and settings\Don\Local Settings\Application Data\hlfsooc:\documents and settings\Don\Application Data\vrbnutc:\documents and settings\Don\Local Settings\Application Data\vrbnutc:\documents and settings\Don\Application Data\knloyfc:\documents and settings\Don\Application Data\eyomayc:\documents and settings\Don\Application Data\icegtfc:\documents and settings\Don\Application Data\gsggwcc:\documents and settings\Don\Application Data\dluswyc:\documents and settings\Don\Application Data\cuclkkc:\documents and settings\Don\Application Data\obqbaic:\documents and settings\Don\Application Data\wetyndc:\documents and settings\Don\Application Data\qvrfdic:\documents and settings\Don\Application Data\desfrgc:\documents and settings\Don\Application Data\kjindcc:\documents and settings\Don\Application Data\twiknaFile::c:\program files\1108296.dat c:\program files\988484.dat c:\program files\2062203.dat c:\program files\1885031.dat c:\program files\1110906.dat c:\program files\1742984.dat c:\program files\2696078.datc:\program files\3212046.datc:\program files\3212015.datc:\program files\3212171.datc:\program files\3120250.datc:\program files\3115921.datc:\program files\1688843.datc:\program files\1337156.datc:\program files\1962781.datc:\windows\system32\ndismgr.sysc:\windows\system32\accesse.exec:\windows\system32\aexarasug.exeOnce saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report. Link to post Share on other sites More sharing options...
JSntgRvr Posted February 15, 2010 ID:200000 Share Posted February 15, 2010 But able to connect to the Internet? Go to Services. Doubleclick on the wireless zero configuration. Set it to automatic. While in services, check the Remote Procedure Call. Is it running? Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:200004 Share Posted February 15, 2010 logs are attachedlog4.txtDeQuarantine.txt Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:200006 Share Posted February 15, 2010 Wireless network configuration is set to automatic already. RPC is started. Even when I start wireless network configuration the browsers still dont connect. Link to post Share on other sites More sharing options...
JSntgRvr Posted February 15, 2010 ID:200012 Share Posted February 15, 2010 They should stop soon.Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktopFolder::c:\documents and settings\Don\Local Settings\Application Data\wvqpclc:\documents and settings\Don\Local Settings\Application Data\ysvhqbc:\documents and settings\Don\Local Settings\Application Data\gxlpcwc:\documents and settings\Don\Local Settings\Application Data\buyxatc:\documents and settings\Don\Local Settings\Application Data\cufeqac:\documents and settings\Don\Local Settings\Application Data\aeespnc:\documents and settings\Don\Local Settings\Application Data\clohprc:\documents and settings\Don\Local Settings\Application Data\nvcscpc:\documents and settings\Don\Local Settings\Application Data\smlfyvc:\documents and settings\Don\Local Settings\Application Data\qehwqac:\documents and settings\Don\Local Settings\Application Data\ibeadec:\documents and settings\Don\Local Settings\Application Data\fhphxfc:\documents and settings\Don\Local Settings\Application Data\ncewypc:\documents and settings\Don\Local Settings\Application Data\rvyuuwc:\documents and settings\Don\Local Settings\Application Data\yttvqgc:\documents and settings\Don\Local Settings\Application Data\uqheodc:\documents and settings\Don\Local Settings\Application Data\tbdoccc:\documents and settings\Don\Local Settings\Application Data\ummyxfc:\documents and settings\Don\Local Settings\Application Data\sxgdjqc:\documents and settings\Don\Local Settings\Application Data\bogvqoc:\documents and settings\Don\Local Settings\Application Data\sssgelc:\documents and settings\Don\Local Settings\Application Data\alfkkkc:\documents and settings\Don\Local Settings\Application Data\vjsshhc:\documents and settings\Don\Local Settings\Application Data\lxlnlpc:\documents and settings\Don\Local Settings\Application Data\flcwlic:\documents and settings\Don\Local Settings\Application Data\npxlnkc:\documents and settings\Don\Local Settings\Application Data\vlfbluc:\documents and settings\Don\Local Settings\Application Data\ffaflec:\documents and settings\Don\Local Settings\Application Data\mghrgoc:\documents and settings\Don\Local Settings\Application Data\ofwrcbc:\documents and settings\Don\Local Settings\Application Data\nvfyuec:\documents and settings\Don\Local Settings\Application Data\qdqmuhc:\documents and settings\Don\Local Settings\Application Data\bbbtcjc:\documents and settings\Don\Local Settings\Application Data\vsgfiuc:\documents and settings\Don\Local Settings\Application Data\yarsixc:\documents and settings\Don\Local Settings\Application Data\kxcaoac:\documents and settings\Don\Local Settings\Application Data\xmaotwc:\documents and settings\Don\Local Settings\Application Data\qapxtpc:\documents and settings\Don\Local Settings\Application Data\nygrlyc:\documents and settings\Don\Local Settings\Application Data\ntebluc:\documents and settings\Don\Local Settings\Application Data\esoowac:\documents and settings\Don\Local Settings\Application Data\rduxdbc:\documents and settings\Don\Local Settings\Application Data\dvdojyc:\documents and settings\Don\Local Settings\Application Data\symxrec:\documents and settings\Don\Local Settings\Application Data\ntvkibc:\documents and settings\Don\Local Settings\Application Data\crwxyuc:\documents and settings\Don\Local Settings\Application Data\xduvltc:\documents and settings\Don\Local Settings\Application Data\lutvxvc:\documents and settings\Don\Local Settings\Application Data\ssnwtfc:\documents and settings\Don\Local Settings\Application Data\kkdcqyc:\documents and settings\Don\Local Settings\Application Data\qyyepfc:\documents and settings\Don\Local Settings\Application Data\rprkcuc:\documents and settings\Don\Local Settings\Application Data\vxufeqc:\documents and settings\Don\Local Settings\Application Data\lvcxlrc:\documents and settings\Don\Local Settings\Application Data\bxrnkdc:\documents and settings\Don\Local Settings\Application Data\jbulxyc:\documents and settings\Don\Local Settings\Application Data\gobahkc:\documents and settings\Don\Local Settings\Application Data\wwymwhc:\documents and settings\Don\Local Settings\Application Data\xbopeyc:\documents and settings\Don\Local Settings\Application Data\ymvrutc:\documents and settings\Don\Local Settings\Application Data\igqwtec:\documents and settings\Don\Local Settings\Application Data\uqlnxjc:\documents and settings\Don\Local Settings\Application Data\yjgmspc:\documents and settings\Don\Local Settings\Application Data\nrxsrgc:\documents and settings\Don\Local Settings\Application Data\ainrjvc:\documents and settings\Don\Local Settings\Application Data\iixiekc:\documents and settings\Don\Local Settings\Application Data\bxbccdc:\documents and settings\Don\Local Settings\Application Data\elnegyc:\documents and settings\Don\Local Settings\Application Data\ttfkfpc:\documents and settings\Don\Local Settings\Application Data\dwonjqc:\documents and settings\Don\Local Settings\Application Data\laqlvmc:\documents and settings\Don\Local Settings\Application Data\bbnkgrc:\documents and settings\Don\Application Data\prspiac:\documents and settings\Don\Local Settings\Application Data\prspiac:\documents and settings\Don\Local Settings\Application Data\svoxgyc:\documents and settings\Don\Local Settings\Application Data\ksmasdc:\documents and settings\Don\Local Settings\Application Data\aoacmwc:\documents and settings\Don\Local Settings\Application Data\cfaopsc:\documents and settings\Don\Local Settings\Application Data\hontxnc:\documents and settings\Don\Local Settings\Application Data\fahxjyc:\documents and settings\Don\Local Settings\Application Data\gqafvnc:\documents and settings\Don\Local Settings\Application Data\nlxtbmc:\documents and settings\Don\Local Settings\Application Data\xvmgnkc:\documents and settings\Don\Local Settings\Application Data\ednawgc:\documents and settings\Don\Local Settings\Application Data\ncaqebc:\documents and settings\Don\Local Settings\Application Data\igigqjc:\documents and settings\Don\Local Settings\Application Data\huxvugc:\documents and settings\Don\Local Settings\Application Data\akbqsac:\documents and settings\Don\Local Settings\Application Data\ssidcic:\documents and settings\Don\Local Settings\Application Data\lscrgxc:\documents and settings\Don\Local Settings\Application Data\njuxtmc:\documents and settings\Don\Local Settings\Application Data\indoguc:\documents and settings\Don\Local Settings\Application Data\twuhljc:\documents and settings\Don\Local Settings\Application Data\tjxmqgc:\documents and settings\Don\Local Settings\Application Data\iothxkc:\documents and settings\Don\Local Settings\Application Data\jfmokyc:\documents and settings\Don\Local Settings\Application Data\ihyyiac:\documents and settings\Don\Local Settings\Application Data\gatirlFile::c:\program files\946234.datc:\program files\1591921.datc:\program files\927609.datc:\program files\927437.datc:\program files\924171.datc:\program files\1208046.datc:\program files\914968.datc:\program files\1153515.datc:\program files\943562.datc:\program files\1173921.datc:\program files\1960578.datOnce saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.Copy the entire contents of the Quote Box below to Notepad. Name the file as Test.bat Change the Save as Type to All Files and Save it on the desktop Once saved, double click on the Test.bat file and post its report.@Echo offcd /d %~dp0ECHO Working....... Please waitnbtstat -n >Report.txtipconfig /All >>Report.txtPing Yahoo.com >>Report.txtPing Google.com >>Report.txtNet Start >>Report.txtNotepad Report.txtDel %0 Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:200025 Share Posted February 15, 2010 the files are attached. i included a second test report which was done after i started 'wireless zero configuration' and set windows to automatically detect wireless network setings.log5.txtReport.txtReport2.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted February 15, 2010 ID:200059 Share Posted February 15, 2010 Remove Comodo from your system.Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktopFolder::c:\documents and settings\Don\Local Settings\Application Data\jhfvqoc:\documents and settings\Don\Local Settings\Application Data\jmnshac:\documents and settings\Don\Local Settings\Application Data\flsaonc:\documents and settings\Don\Local Settings\Application Data\ofnfnwc:\documents and settings\Don\Local Settings\Application Data\gclhbcc:\documents and settings\Don\Local Settings\Application Data\hseonqc:\documents and settings\Don\Local Settings\Application Data\oxswymc:\documents and settings\Don\Local Settings\Application Data\oafiwmc:\documents and settings\Don\Local Settings\Application Data\lsttxic:\documents and settings\Don\Local Settings\Application Data\scmdfhc:\documents and settings\Don\Local Settings\Application Data\tsfkrwc:\documents and settings\Don\Local Settings\Application Data\vjxrflc:\documents and settings\Don\Local Settings\Application Data\fdsveuc:\documents and settings\Don\Local Settings\Application Data\ahbmqdc:\documents and settings\Don\Application Data\mihfppc:\documents and settings\Don\Local Settings\Application Data\mihfppc:\documents and settings\Don\Local Settings\Application Data\fvxopjc:\documents and settings\Don\Local Settings\Application Data\hmqucxc:\documents and settings\Don\Application Data\cqylogc:\documents and settings\Don\Local Settings\Application Data\cqylogc:\documents and settings\Don\Local Settings\Application Data\godgbxc:\documents and settings\Don\Local Settings\Application Data\ryqrnwc:\documents and settings\Don\Local Settings\Application Data\okkvyic:\documents and settings\Don\Local Settings\Application Data\dluswyc:\documents and settings\Don\Local Settings\Application Data\vekuygc:\documents and settings\Don\Local Settings\Application Data\xuccluc:\documents and settings\Don\Local Settings\Application Data\ugwgxgc:\documents and settings\Don\Application Data\sjsewpc:\documents and settings\Don\Local Settings\Application Data\sjsewpc:\documents and settings\Don\Application Data\mwjnwjc:\documents and settings\Don\Local Settings\Application Data\mwjnwjc:\documents and settings\Don\Application Data\vqerwsc:\documents and settings\Don\Local Settings\Application Data\vqerwsc:\documents and settings\Don\Local Settings\Application Data\hbrejqc:\documents and settings\Don\Local Settings\Application Data\pwythbc:\documents and settings\Don\Local Settings\Application Data\xacrtvc:\documents and settings\Don\Application Data\fxhonoc:\documents and settings\Don\Local Settings\Application Data\ymxxnic:\documents and settings\Don\Local Settings\Application Data\slxrjfc:\documents and settings\Don\Local Settings\Application Data\cfsvjoc:\documents and settings\Don\Local Settings\Application Data\fxhonoc:\documents and settings\Don\Local Settings\Application Data\badtcwc:\documents and settings\Don\Application Data\ehohbac:\documents and settings\Don\Local Settings\Application Data\ehohbac:\documents and settings\Don\Local Settings\Application Data\rnkchfc:\documents and settings\Don\Local Settings\Application Data\nfkfqfc:\documents and settings\Don\Local Settings\Application Data\wyfkqoc:\documents and settings\Don\Local Settings\Application Data\dbxhkyc:\documents and settings\Don\Local Settings\Application Data\uxvjwdc:\documents and settings\Don\Local Settings\Application Data\vooqjrc:\documents and settings\Don\Local Settings\Application Data\pceajlc:\documents and settings\Don\Local Settings\Application Data\ttnmgsc:\documents and settings\Don\Local Settings\Application Data\senwikc:\documents and settings\Don\Application Data\uqjahkc:\documents and settings\Don\Local Settings\Application Data\uqjahkc:\documents and settings\Don\Local Settings\Application Data\baecxuc:\documents and settings\Don\Local Settings\Application Data\swcekyc:\documents and settings\Don\Local Settings\Application Data\ktygxec:\documents and settings\Don\Local Settings\Application Data\lfjqthc:\documents and settings\Don\Local Settings\Application Data\dpdobpc:\documents and settings\Don\Local Settings\Application Data\ymrwymc:\documents and settings\Don\Local Settings\Application Data\wwxgdgc:\documents and settings\Don\Local Settings\Application Data\pkopdac:\documents and settings\Don\Local Settings\Application Data\huinkic:\documents and settings\Don\Local Settings\Application Data\roeskrc:\documents and settings\Don\Local Settings\Application Data\epkkjfc:\documents and settings\Don\Local Settings\Application Data\qkjhfnc:\documents and settings\Don\Local Settings\Application Data\buwsrmc:\documents and settings\Don\Local Settings\Application Data\lorwrvc:\documents and settings\Don\Local Settings\Application Data\gsaneec:\documents and settings\Don\Local Settings\Application Data\fnrqnsc:\documents and settings\Don\Local Settings\Application Data\uqbbvxc:\documents and settings\Don\Local Settings\Application Data\hvyoloc:\documents and settings\Don\Local Settings\Application Data\rgmaxmc:\documents and settings\Don\Local Settings\Application Data\bdtpvwc:\documents and settings\Don\Local Settings\Application Data\lnhbiuc:\documents and settings\Don\Local Settings\Application Data\tyxxyic:\documents and settings\Don\Local Settings\Application Data\lqndvcc:\documents and settings\Don\Local Settings\Application Data\eedmuuc:\documents and settings\Don\Local Settings\Application Data\bkotqvc:\documents and settings\Don\Local Settings\Application Data\ruuroyc:\documents and settings\Don\Local Settings\Application Data\pgovbkc:\documents and settings\Don\Local Settings\Application Data\vbmlfjc:\documents and settings\Don\Local Settings\Application Data\xrloamc:\documents and settings\Don\Local Settings\Application Data\ksrhyyc:\documents and settings\Don\Local Settings\Application Data\qhnjxgc:\documents and settings\Don\Local Settings\Application Data\sqlivjc:\documents and settings\Don\Local Settings\Application Data\yxncfec:\documents and settings\Don\Local Settings\Application Data\xsqcmcc:\documents and settings\Don\Local Settings\Application Data\pmyxxcc:\documents and settings\Don\Local Settings\Application Data\robpguc:\documents and settings\Don\Local Settings\Application Data\biwtgec:\documents and settings\Don\Local Settings\Application Data\njdmfrc:\documents and settings\Don\Local Settings\Application Data\pcqavlc:\documents and settings\Don\Application Data\yvlevuc:\documents and settings\Don\Application Data\rjcnuoc:\documents and settings\Don\Local Settings\Application Data\yvlevuc:\documents and settings\Don\Local Settings\Application Data\tauuidc:\documents and settings\Don\Local Settings\Application Data\rjcnuoc:\documents and settings\Don\Application Data\cdwsuyc:\documents and settings\Don\Local Settings\Application Data\lwrwuic:\documents and settings\Don\Local Settings\Application Data\cdwsuyc:\documents and settings\Don\Application Data\xspsdkFile::c:\program files\913859.datc:\program files\2408937.datc:\program files\1060687.datc:\program files\1187359.datOnce saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.Lets take a deeper look.Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.OTL should now start. Change the following settingsChange Drivers to AllChange Registry and Extra Registry to AllUnder File Scans, change File age to 30[*]Under the Custom Scan box paste this innetsvcs%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32.sysahcix86s.sysnvrd32.sys /md5stop%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please attach the contents of these files in your next reply.Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop. Double click GMER.exe. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.. Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ... SectionsProcessesThreadsLibraries Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*] Then click the Scan button & wait for it to finish. [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt" [*]Save it where you can easily find it, such as your desktop and post its contents in your next reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries I will check these report in the AM. Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:200221 Share Posted February 15, 2010 I uninstalled Comodo last week and I did a search. The only file that shows up is the quarantined one in combofix. Also, when I did the OTL scan I changed everything as you said, but when I started the scan it changed file age to 14, drivers to none and registry to none. I tried it again and it did the same thing. When I did the GMER scan the desktop went away and all that I see is the background. It has been like that for about 20 minutes. Is it still scanning? I will attach the logs from the previous two scans.log6.txtOTL.TxtExtras.Txt Link to post Share on other sites More sharing options...
JSntgRvr Posted February 15, 2010 ID:200320 Share Posted February 15, 2010 Hi, donj The reports submitted provide no clue as to what is the problem. Perhaps we should take a look at the computer from an external source.First, if you were unable to run GMER, follow these steps: Double click GMER.exe. No need to scan. Just wait until the initial scan is finished. Once done click on the Rootkit tab, then on the[save..] button, and in the File name area, type in "ark.txt" Change the Save as Type to All Files Save the log where you can easily find it, such as your desktop.Post it in your next reply**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Please copy and paste the contents of that report in your next reply.Now, back to the external source, you will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).Here is what you need to do.Two programs to downloadFirst Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps. SecondDownload OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.When downloaded double click and this will then open ISOBurner to burn the file to CDBoot the Non working computer using the boot CD you just created.In order to do so, the computer must be set to boot from the CD firstNote : For information click hereYour system should now display a REATOGO-X-PE desktop.Double-click on the OTLPE icon.When asked "Do you wish to load the remote registry", select YesWhen asked "Do you wish to load remote user profile(s) for scanning", select YesEnsure the box "Automatically Load All Remaining Users" is checked and press OKOTL should now start. Change the following settingsChange Drivers to AllChange Registry to AllUnder the Custom Scan box paste this in%SYSTEMDRIVE%\*.*/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32.sysahcix86s.sysnvrd32.sys /md5stop%systemroot%\*. /mp /s%systemroot%\System32\config\*.sav [*]Press Run Scan to start the scan.[*]When finished, the file will be saved in drive C:\OTL.txt[*]Copy this file to your USB drive.[*]Please post the contents of the C:\OTL.txt file in your reply. Link to post Share on other sites More sharing options...
donj Posted February 15, 2010 Author ID:200540 Share Posted February 15, 2010 I'm having trouble downloading OLTPE, but I attached the file from GMER for now.ark.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted February 16, 2010 ID:200545 Share Posted February 16, 2010 Lets try another program.Download OTS.exe by OldTimer to your Desktop.Close any open browsers.Double-click on OTS.exe to start the program.Leave all settings as they appear as default, except for the following:Under Drivers, select "All".Under Registry, select "All".File age should be 30 days.Under Additional Scans, click on the "Extras" button.[*]Now click the Run Scan button on the toolbar.[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.[*]When the scan is complete Notepad will open with the report file loaded in it.[*]Save that notepad fileUse the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it). Link to post Share on other sites More sharing options...
donj Posted February 16, 2010 Author ID:200548 Share Posted February 16, 2010 Lets try another program.Download OTS.exe by OldTimer to your Desktop.Close any open browsers.Double-click on OTS.exe to start the program.Leave all settings as they appear as default, except for the following:Under Drivers, select "All".Under Registry, select "All".File age should be 30 days.Under Additional Scans, click on the "Extras" button.[*]Now click the Run Scan button on the toolbar.[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.[*]When the scan is complete Notepad will open with the report file loaded in it.[*]Save that notepad fileUse the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).file is attachedOTS.Txt Link to post Share on other sites More sharing options...
JSntgRvr Posted February 16, 2010 ID:200563 Share Posted February 16, 2010 Start OTS. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.[Kill All Processes][unregister Dlls][Win32 Services - Safe List]YN -> (cmdAgent) COMODO Internet Security Helper Service [Disabled | Stopped] -> [Driver Services - All]YY -> (cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\cmdguard.sysYY -> (Inspect) COMODO Internet Security Firewall Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\inspect.sysYY -> (cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\cmdhlp.sys[Registry - All]< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found.YN -> buy-internetsecurity10.com .[http] -> Trusted sitesYN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found.YN -> buy-internetsecurity10.com .[http] -> Trusted sitesYN -> is10-soft-download.com .[http] -> Trusted sitesYN -> is-software-download.com .[http] -> Trusted sitesYN -> is-software-download25.com .[http] -> Trusted sites[Files/Folders - Created Within 30 Days]NY -> lhashi -> C:\Documents and Settings\Don\Local Settings\Application Data\lhashiNY -> ubvwhr -> C:\Documents and Settings\Don\Local Settings\Application Data\ubvwhrNY -> xiglgu -> C:\Documents and Settings\Don\Local Settings\Application Data\xiglguNY -> hccpgf -> C:\Documents and Settings\Don\Local Settings\Application Data\hccpgfNY -> jstwst -> C:\Documents and Settings\Don\Local Settings\Application Data\jstwstNY -> cgkgsn -> C:\Documents and Settings\Don\Local Settings\Application Data\cgkgsnNY -> tdiifr -> C:\Documents and Settings\Don\Local Settings\Application Data\tdiifrNY -> hofulc -> C:\Documents and Settings\Don\Local Settings\Application Data\hofulcNY -> jlyoei -> C:\Documents and Settings\Don\Local Settings\Application Data\jlyoeiNY -> eqifqq -> C:\Documents and Settings\Don\Local Settings\Application Data\eqifqqNY -> tyyloh -> C:\Documents and Settings\Don\Local Settings\Application Data\tyylohNY -> aehoju -> C:\Documents and Settings\Don\Local Settings\Application Data\aehojuNY -> jxdtjf -> C:\Documents and Settings\Don\Local Settings\Application Data\jxdtjfNY -> bnbxfr -> C:\Documents and Settings\Don\Local Settings\Application Data\bnbxfrNY -> jqdvrn -> C:\Documents and Settings\Don\Local Settings\Application Data\jqdvrnNY -> lhvdec -> C:\Documents and Settings\Don\Local Settings\Application Data\lhvdecNY -> kjindc -> C:\Documents and Settings\Don\Local Settings\Application Data\kjindcNY -> utvapa -> C:\Documents and Settings\Don\Local Settings\Application Data\utvapaNY -> desfrg -> C:\Documents and Settings\Don\Local Settings\Application Data\desfrgNY -> qvrfdi -> C:\Documents and Settings\Don\Local Settings\Application Data\qvrfdiNY -> labupq -> C:\Documents and Settings\Don\Local Settings\Application Data\labupqNY -> cgfqpg -> C:\Documents and Settings\Don\Local Settings\Application Data\cgfqpgNY -> dwxwcu -> C:\Documents and Settings\Don\Local Settings\Application Data\dwxwcuNY -> pxepci -> C:\Documents and Settings\Don\Local Settings\Application Data\pxepciNY -> wetynd -> C:\Documents and Settings\Don\Local Settings\Application Data\wetyndNY -> twikna -> C:\Documents and Settings\Don\Local Settings\Application Data\twiknaNY -> eqdpnk -> C:\Documents and Settings\Don\Local Settings\Application Data\eqdpnkNY -> birbog -> C:\Documents and Settings\Don\Local Settings\Application Data\birbogNY -> nkxtnt -> C:\Documents and Settings\Don\Local Settings\Application Data\nkxtntNY -> mtgnbf -> C:\Documents and Settings\Don\Local Settings\Application Data\mtgnbfNY -> obqbai -> C:\Documents and Settings\Don\Local Settings\Application Data\obqbaiNY -> ejihyy -> C:\Documents and Settings\Don\Local Settings\Application Data\ejihyyNY -> dspbmk -> C:\Documents and Settings\Don\Local Settings\Application Data\dspbmkNY -> gaboln -> C:\Documents and Settings\Don\Local Settings\Application Data\gabolnNY -> bejfxv -> C:\Documents and Settings\Don\Local Settings\Application Data\bejfxvNY -> ihmckq -> C:\Documents and Settings\Don\Local Settings\Application Data\ihmckqNY -> kxfjxf -> C:\Documents and Settings\Don\Local Settings\Application Data\kxfjxfNY -> cuclkk -> C:\Documents and Settings\Don\Local Settings\Application Data\cuclkkNY -> fcnajn -> C:\Documents and Settings\Don\Local Settings\Application Data\fcnajnNY -> wylcws -> C:\Documents and Settings\Don\Local Settings\Application Data\wylcwsNY -> gsggwc -> C:\Documents and Settings\Don\Local Settings\Application Data\gsggwcNY -> stmyvo -> C:\Documents and Settings\Don\Local Settings\Application Data\stmyvoNY -> rdtsja -> C:\Documents and Settings\Don\Local Settings\Application Data\rdtsjaNY -> ukfgie -> C:\Documents and Settings\Don\Local Settings\Application Data\ukfgieNY -> vbxnus -> C:\Documents and Settings\Don\Local Settings\Application Data\vbxnusNY -> mhciui -> C:\Documents and Settings\Don\Local Settings\Application Data\mhciuiNY -> eeakin -> C:\Documents and Settings\Don\Local Settings\Application Data\eeakinNY -> oonwul -> C:\Documents and Settings\Don\Local Settings\Application Data\oonwulNY -> fusruc -> C:\Documents and Settings\Don\Local Settings\Application Data\fusrucNY -> yiibuv -> C:\Documents and Settings\Don\Local Settings\Application Data\yiibuvNY -> icegtf -> C:\Documents and Settings\Don\Local Settings\Application Data\icegtfNY -> jsvmht -> C:\Documents and Settings\Don\Local Settings\Application Data\jsvmhtNY -> bptoty -> C:\Documents and Settings\Don\Local Settings\Application Data\bptotyNY -> tmrrhe -> C:\Documents and Settings\Don\Local Settings\Application Data\tmrrheNY -> dgmvgn -> C:\Documents and Settings\Don\Local Settings\Application Data\dgmvgnNY -> qhqmox -> C:\Documents and Settings\Don\Local Settings\Application Data\qhqmoxNY -> rxitbm -> C:\Documents and Settings\Don\Local Settings\Application Data\rxitbmNY -> tobbnb -> C:\Documents and Settings\Don\Local Settings\Application Data\tobbnbNY -> mcrknt -> C:\Documents and Settings\Don\Local Settings\Application Data\mcrkntNY -> llydaf -> C:\Documents and Settings\Don\Local Settings\Application Data\llydafNY -> eyomay -> C:\Documents and Settings\Don\Local Settings\Application Data\eyomayNY -> oskqaj -> C:\Documents and Settings\Don\Local Settings\Application Data\oskqajNY -> xmfvas -> C:\Documents and Settings\Don\Local Settings\Application Data\xmfvasNY -> gphtmn -> C:\Documents and Settings\Don\Local Settings\Application Data\gphtmnNY -> hgaayc -> C:\Documents and Settings\Don\Local Settings\Application Data\hgaaycNY -> knloyf -> C:\Documents and Settings\Don\Local Settings\Application Data\knloyfNY -> frteln -> C:\Documents and Settings\Don\Local Settings\Application Data\frtelnNY -> olpjlx -> C:\Documents and Settings\Don\Local Settings\Application Data\olpjlxNY -> tnrpch -> C:\Documents and Settings\Don\Local Settings\Application Data\tnrpchNY -> xspsdk -> C:\Documents and Settings\Don\Local Settings\Application Data\xspsdkNY -> lkospl -> C:\Documents and Settings\Don\Local Settings\Application Data\lkosplNY -> gpxict -> C:\Documents and Settings\Don\Local Settings\Application Data\gpxictNY -> thvinv -> C:\Documents and Settings\Don\Application Data\thvinvNY -> thvinv -> C:\Documents and Settings\Don\Local Settings\Application Data\thvinvNY -> olfxae -> C:\Documents and Settings\Don\Local Settings\Application Data\olfxaeNY -> rsqmyh -> C:\Documents and Settings\Don\Local Settings\Application Data\rsqmyhNY -> sjitlv -> C:\Documents and Settings\Don\Local Settings\Application Data\sjitlvNY -> uabayk -> C:\Documents and Settings\Don\Local Settings\Application Data\uabaykNY -> etwfxt -> C:\Documents and Settings\Don\Local Settings\Application Data\etwfxtNY -> aoxcwq -> C:\Documents and Settings\Don\Local Settings\Application Data\aoxcwqNY -> gdtevw -> C:\Documents and Settings\Don\Local Settings\Application Data\gdtevwNY -> bcoflq -> C:\Documents and Settings\Don\Local Settings\Application Data\bcoflqNY -> bcoflq -> C:\Documents and Settings\Don\Application Data\bcoflqNY -> djatlt -> C:\Documents and Settings\Don\Local Settings\Application Data\djatltNY -> otnfxs -> C:\Documents and Settings\Don\Local Settings\Application Data\otnfxsNY -> xnijxc -> C:\Documents and Settings\Don\Local Settings\Application Data\xnijxcNY -> koocwp -> C:\Documents and Settings\Don\Application Data\koocwpNY -> ihdowl -> C:\Documents and Settings\Don\Local Settings\Application Data\ihdowlNY -> koocwp -> C:\Documents and Settings\Don\Local Settings\Application Data\koocwpNY -> mfhjje -> C:\Documents and Settings\Don\Local Settings\Application Data\mfhjjeNY -> ecflvi -> C:\Documents and Settings\Don\Local Settings\Application Data\ecflviNY -> bqlbgt -> C:\Documents and Settings\Don\Local Settings\Application Data\bqlbgtNY -> vutrsc -> C:\Documents and Settings\Don\Local Settings\Application Data\vutrscNY -> viqmnf -> C:\Documents and Settings\Don\Local Settings\Application Data\viqmnfNY -> gnvbjs -> C:\Documents and Settings\Don\Application Data\gnvbjsNY -> gnvbjs -> C:\Documents and Settings\Don\Local Settings\Application Data\gnvbjsNY -> ciwyip -> C:\Documents and Settings\Don\Application Data\ciwyipNY -> ciwyip -> C:\Documents and Settings\Don\Local Settings\Application Data\ciwyipNY -> tfubuu -> C:\Documents and Settings\Don\Application Data\tfubuuNY -> tfubuu -> C:\Documents and Settings\Don\Local Settings\Application Data\tfubuuNY -> mpoycd -> C:\Documents and Settings\Don\Local Settings\Application Data\mpoycdNY -> wackob -> C:\Documents and Settings\Don\Local Settings\Application Data\wackobNY -> mtpbbp -> C:\Documents and Settings\Don\Local Settings\Application Data\mtpbbpNY -> vnkfba -> C:\Documents and Settings\Don\Local Settings\Application Data\vnkfbaNY -> wedmno -> C:\Documents and Settings\Don\Local Settings\Application Data\wedmnoNY -> hxxrnx -> C:\Documents and Settings\Don\Local Settings\Application Data\hxxrnxNY -> sbqukl -> C:\Documents and Settings\Don\Local Settings\Application Data\sbquklNY -> dlegwj -> C:\Documents and Settings\Don\Local Settings\Application Data\dlegwjNY -> dlegwj -> C:\Documents and Settings\Don\Application Data\dlegwjNY -> nfalwt -> C:\Documents and Settings\Don\Local Settings\Application Data\nfalwtNY -> cnqrvj -> C:\Documents and Settings\Don\Local Settings\Application Data\cnqrvjNY -> ukotio -> C:\Documents and Settings\Don\Local Settings\Application Data\ukotioNY -> bpddtj -> C:\Documents and Settings\Don\Local Settings\Application Data\bpddtjNY -> xjuejf -> C:\Documents and Settings\Don\Local Settings\Application Data\xjuejfNY -> aanlvt -> C:\Documents and Settings\Don\Local Settings\Application Data\aanlvtNY -> dhxyvw -> C:\Documents and Settings\Don\Local Settings\Application Data\dhxyvwNY -> nrmkiv -> C:\Documents and Settings\Don\Local Settings\Application Data\nrmkivNY -> wlscvv -> C:\Documents and Settings\Don\Local Settings\Application Data\wlscvvNY -> gfnhvg -> C:\Documents and Settings\Don\Local Settings\Application Data\gfnhvgNY -> tmunbk -> C:\Documents and Settings\Don\Local Settings\Application Data\tmunbkNY -> cfcrrp -> C:\Documents and Settings\Don\Application Data\cfcrrpNY -> cfcrrp -> C:\Documents and Settings\Don\Local Settings\Application Data\cfcrrpNY -> wjkiex -> C:\Documents and Settings\Don\Local Settings\Application Data\wjkiexNY -> xtihcb -> C:\Documents and Settings\Don\Local Settings\Application Data\xtihcbNY -> lntrmd -> C:\Documents and Settings\Don\Local Settings\Application Data\lntrmdNY -> xcvggt -> C:\Documents and Settings\Don\Local Settings\Application Data\xcvggtNY -> fpanvg -> C:\Documents and Settings\Don\Application Data\fpanvgNY -> fpanvg -> C:\Documents and Settings\Don\Local Settings\Application Data\fpanvgNY -> nuucxi -> C:\Documents and Settings\Don\Local Settings\Application Data\nuucxiNY -> rsywjb -> C:\Documents and Settings\Don\Local Settings\Application Data\rsywjbNY -> emkhtc -> C:\Documents and Settings\Don\Local Settings\Application Data\emkhtcNY -> wurtdk -> C:\Documents and Settings\Don\Local Settings\Application Data\wurtdkNY -> kkpyyp -> C:\Documents and Settings\Don\Local Settings\Application Data\kkpyypNY -> gaiahb -> C:\Documents and Settings\Don\Local Settings\Application Data\gaiahbNY -> wtkqcu -> C:\Documents and Settings\Don\Local Settings\Application Data\wtkqcuNY -> wrnbpw -> C:\Documents and Settings\Don\Local Settings\Application Data\wrnbpwNY -> yhnots -> C:\Documents and Settings\Don\Local Settings\Application Data\yhnotsNY -> axgugh -> C:\Documents and Settings\Don\Local Settings\Application Data\axgughNY -> krbagq -> C:\Documents and Settings\Don\Application Data\krbagqNY -> krbagq -> C:\Documents and Settings\Don\Local Settings\Application Data\krbagqNY -> tsxrls -> C:\Documents and Settings\Don\Local Settings\Application Data\tsxrlsNY -> vjqyxh -> C:\Documents and Settings\Don\Local Settings\Application Data\vjqyxhNY -> yqcmwk -> C:\Documents and Settings\Don\Local Settings\Application Data\yqcmwkNY -> lrifwx -> C:\Documents and Settings\Don\Local Settings\Application Data\lrifwxNY -> gpxdis -> C:\Documents and Settings\Don\Local Settings\Application Data\gpxdisNY -> hgqjui -> C:\Documents and Settings\Don\Local Settings\Application Data\hgqjuiNY -> thwcuu -> C:\Documents and Settings\Don\Local Settings\Application Data\thwcuuNY -> qpuunu -> C:\Documents and Settings\Don\Local Settings\Application Data\qpuunuNY -> hgcgsq -> C:\Documents and Settings\Don\Local Settings\Application Data\hgcgsqNY -> pcjvqa -> C:\Documents and Settings\Don\Local Settings\Application Data\pcjvqaNY -> xadwnk -> C:\Documents and Settings\Don\Local Settings\Application Data\xadwnkNY -> htycmt -> C:\Documents and Settings\Don\Application Data\htycmtNY -> htycmt -> C:\Documents and Settings\Don\Local Settings\Application Data\htycmtNY -> utladn -> C:\Documents and Settings\Don\Local Settings\Application Data\utladnNY -> nehluy -> C:\Documents and Settings\Don\Local Settings\Application Data\nehluyNY -> tlifeu -> C:\Documents and Settings\Don\Local Settings\Application Data\tlifeuNY -> qbnpur -> C:\Documents and Settings\Don\Local Settings\Application Data\qbnpurNY -> camrvt -> C:\Documents and Settings\Don\Local Settings\Application Data\camrvtNY -> xpfref -> C:\Documents and Settings\Don\Local Settings\Application Data\xpfrefNY -> hjaweo -> C:\Documents and Settings\Don\Application Data\hjaweoNY -> hjaweo -> C:\Documents and Settings\Don\Local Settings\Application Data\hjaweoNY -> bwqgei -> C:\Documents and Settings\Don\Local Settings\Application Data\bwqgeiNY -> aydqci -> C:\Documents and Settings\Don\Local Settings\Application Data\aydqciNY -> ccfila -> C:\Documents and Settings\Don\Local Settings\Application Data\ccfilaNY -> wkmvbh -> C:\Documents and Settings\Don\Local Settings\Application Data\wkmvbhNY -> arxjbk -> C:\Documents and Settings\Don\Local Settings\Application Data\arxjbkNY -> fgtlyq -> C:\Documents and Settings\Don\Local Settings\Application Data\fgtlyqNY -> xocxiy -> C:\Documents and Settings\Don\Local Settings\Application Data\xocxiyNY -> efdmtu -> C:\Documents and Settings\Don\Local Settings\Application Data\efdmtuNY -> rwcmfw -> C:\Documents and Settings\Don\Local Settings\Application Data\rwcmfwNY -> dpdwvn -> C:\Documents and Settings\Don\Local Settings\Application Data\dpdwvnNY -> woeqrk -> C:\Documents and Settings\Don\Local Settings\Application Data\woeqrkNY -> ebxscm -> C:\Documents and Settings\Don\Local Settings\Application Data\ebxscmNY -> rcelby -> C:\Documents and Settings\Don\Local Settings\Application Data\rcelbyNY -> wqanaf -> C:\Documents and Settings\Don\Application Data\wqanafNY -> wqanaf -> C:\Documents and Settings\Don\Local Settings\Application Data\wqanafNY -> xrdhqp -> C:\Documents and Settings\Don\Local Settings\Application Data\xrdhqpNY -> sjisxb -> C:\Documents and Settings\Don\Local Settings\Application Data\sjisxbNY -> vetacg -> C:\Documents and Settings\Don\Local Settings\Application Data\vetacgNY -> omcnlo -> C:\Documents and Settings\Don\Local Settings\Application Data\omcnloNY -> xgwrlx -> C:\Documents and Settings\Don\Local Settings\Application Data\xgwrlxNY -> rhjwfu -> C:\Documents and Settings\Don\Application Data\rhjwfuNY -> rhjwfu -> C:\Documents and Settings\Don\Local Settings\Application Data\rhjwfuNY -> cmolbi -> C:\Documents and Settings\Don\Local Settings\Application Data\cmolbiNY -> tfrlrb -> C:\Documents and Settings\Don\Local Settings\Application Data\tfrlrbNY -> fiituh -> C:\Documents and Settings\Don\Local Settings\Application Data\fiituhNY -> ecpyvg -> C:\Documents and Settings\Don\Application Data\ecpyvgNY -> tiuuvw -> C:\Documents and Settings\Don\Local Settings\Application Data\tiuuvwNY -> ecpyvg -> C:\Documents and Settings\Don\Local Settings\Application Data\ecpyvgNY -> sxdboa -> C:\Documents and Settings\Don\Local Settings\Application Data\sxdboaNY -> anpbsc -> C:\Documents and Settings\Don\Local Settings\Application Data\anpbscNY -> dubosf -> C:\Documents and Settings\Don\Local Settings\Application Data\dubosfNY -> pvhhrs -> C:\Documents and Settings\Don\Local Settings\Application Data\pvhhrsNY -> guard32.dll -> C:\WINDOWS\System32\guard32.dllNY -> cmdguard.sys -> C:\WINDOWS\System32\drivers\cmdguard.sysNY -> inspect.sys -> C:\WINDOWS\System32\drivers\inspect.sysNY -> cmdhlp.sys -> C:\WINDOWS\System32\drivers\cmdhlp.sysNY -> utduii -> C:\Documents and Settings\Don\Application Data\utduiiNY -> nhseic -> C:\Documents and Settings\Don\Local Settings\Application Data\nhseicNY -> utduii -> C:\Documents and Settings\Don\Local Settings\Application Data\utduiiNY -> ouhjyk -> C:\Documents and Settings\Don\Local Settings\Application Data\ouhjykNY -> ffhprk -> C:\Documents and Settings\Don\Local Settings\Application Data\ffhprkNY -> ingljj -> C:\Documents and Settings\Don\Local Settings\Application Data\ingljjNY -> xukfjx -> C:\Documents and Settings\Don\Local Settings\Application Data\xukfjxNY -> fiou.exe -> C:\fiou.exeNY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp[Files/Folders - Modified Within 30 Days]NY -> sfi.dat -> C:\WINDOWS\System32\drivers\sfi.datNY -> OTS.exe -> C:\Documents and Settings\Don\Desktop\OTS.exeNY -> 21586562.dat -> C:\Program Files\21586562.datNY -> 21586312.dat -> C:\Program Files\21586312.datNY -> 21586140.dat -> C:\Program Files\21586140.datNY -> 21585890.dat -> C:\Program Files\21585890.datNY -> 21586046.dat -> C:\Program Files\21586046.datNY -> 21585515.dat -> C:\Program Files\21585515.datNY -> 21584578.dat -> C:\Program Files\21584578.datNY -> 21585421.dat -> C:\Program Files\21585421.datNY -> 21585296.dat -> C:\Program Files\21585296.datNY -> 21585218.dat -> C:\Program Files\21585218.datNY -> 21584234.dat -> C:\Program Files\21584234.datNY -> 21577656.dat -> C:\Program Files\21577656.datNY -> 21577343.dat -> C:\Program Files\21577343.datNY -> 21577171.dat -> C:\Program Files\21577171.datNY -> 21576718.dat -> C:\Program Files\21576718.datNY -> 1959984.dat -> C:\Program Files\1959984.datNY -> 1959546.dat -> C:\Program Files\1959546.datNY -> 1958359.dat -> C:\Program Files\1958359.datNY -> 1956953.dat -> C:\Program Files\1956953.datNY -> 1956281.dat -> C:\Program Files\1956281.datNY -> 1955343.dat -> C:\Program Files\1955343.datNY -> 1954171.dat -> C:\Program Files\1954171.datNY -> 1952328.dat -> C:\Program Files\1952328.datNY -> 1951828.dat -> C:\Program Files\1951828.datNY -> 1951234.dat -> C:\Program Files\1951234.datNY -> 1947828.dat -> C:\Program Files\1947828.datNY -> 1947015.dat -> C:\Program Files\1947015.datNY -> 1946484.dat -> C:\Program Files\1946484.datNY -> 1944937.dat -> C:\Program Files\1944937.datNY -> guard32.dll -> C:\WINDOWS\System32\guard32.dllNY -> cmdguard.sys -> C:\WINDOWS\System32\drivers\cmdguard.sysNY -> inspect.sys -> C:\WINDOWS\System32\drivers\inspect.sysNY -> cmdhlp.sys -> C:\WINDOWS\System32\drivers\cmdhlp.sysNY -> fiou.exe -> C:\fiou.exeNY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp[Files - No Company Name]NY -> 21586562.dat -> C:\Program Files\21586562.datNY -> 21586312.dat -> C:\Program Files\21586312.datNY -> 21586140.dat -> C:\Program Files\21586140.datNY -> 21585890.dat -> C:\Program Files\21585890.datNY -> 21586046.dat -> C:\Program Files\21586046.datNY -> 21585515.dat -> C:\Program Files\21585515.datNY -> 21584578.dat -> C:\Program Files\21584578.datNY -> 21585421.dat -> C:\Program Files\21585421.datNY -> 21585296.dat -> C:\Program Files\21585296.datNY -> 21585218.dat -> C:\Program Files\21585218.datNY -> 21584234.dat -> C:\Program Files\21584234.datNY -> 21577656.dat -> C:\Program Files\21577656.datNY -> 21577343.dat -> C:\Program Files\21577343.datNY -> 21577171.dat -> C:\Program Files\21577171.datNY -> 21576718.dat -> C:\Program Files\21576718.datNY -> 1959984.dat -> C:\Program Files\1959984.datNY -> 1959546.dat -> C:\Program Files\1959546.datNY -> 1958359.dat -> C:\Program Files\1958359.datNY -> 1956953.dat -> C:\Program Files\1956953.datNY -> 1956281.dat -> C:\Program Files\1956281.datNY -> 1955343.dat -> C:\Program Files\1955343.datNY -> 1954171.dat -> C:\Program Files\1954171.datNY -> 1952328.dat -> C:\Program Files\1952328.datNY -> 1951828.dat -> C:\Program Files\1951828.datNY -> 1951234.dat -> C:\Program Files\1951234.datNY -> 1947828.dat -> C:\Program Files\1947828.datNY -> 1947015.dat -> C:\Program Files\1947015.datNY -> 1946484.dat -> C:\Program Files\1946484.datNY -> 1944937.dat -> C:\Program Files\1944937.datNY -> sfi.dat -> C:\WINDOWS\System32\drivers\sfi.dat[Empty Temp Folders][start Explorer][Reboot]The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS scan log. This time select a file age of 60 days.I will review the information when it comes back in.Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. Link to post Share on other sites More sharing options...
donj Posted February 16, 2010 Author ID:200569 Share Posted February 16, 2010 Start OTS. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS scan log. This time select a file age of 60 days.I will review the information when it comes back in.Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.As soon as I hit 'Fix' the desktop icons go away, the cursor is an hourglass in the OTS window and on the bottom of OTS it says: 'Fixing Service /driver:YY-> (cmdGuard) COMODO Internet Security Sandbox Driver [File System | System | Running] -> C:\Windows\'It has been stuck like that for a few minutes. Is it still working? Link to post Share on other sites More sharing options...
JSntgRvr Posted February 16, 2010 ID:200572 Share Posted February 16, 2010 It is suppose to be a fast fix. Try to run it again. Link to post Share on other sites More sharing options...
JSntgRvr Posted February 16, 2010 ID:200576 Share Posted February 16, 2010 If it still hanging, follow these steps:Copy the entire contents of the Quote Box below to Notepad. Name the file as fix.bat Change the Save as Type to All Files and Save it on the desktop Once saved, double click on the fix.bat file.SC stop cmdGuardSC Delete cmdGuardSC stop InspectSC Delete InspectSC stop cmdHlpSC Delete cmdHlpDel %0Attempt to run the fix again. Link to post Share on other sites More sharing options...
Recommended Posts