Jump to content

Recommended Posts

hello ,

i have a friend's laptop (definitely not comp savvy !) that his son thought he could "fix" ... <_<:angry:

there was a bogus anti-somethingoranother that showed an icon on the desktop .

HJT (04) showed "skytel" and was associated with "newdotcom" ... this was removed . my friend does not recall installing it or the need for the legit "skytel" program . nothing showed in the program files or the "add/remove" list or in revo uninstaller .

i did some clean-up with MB and avg .

both found items (trojans/downloaders/JS crap) .

there are browser redirects and i cannot access windows updates as well as a few other "anti" sites .

MB is actively blocking outgoing IP accesses when i run google searches .

i have (tried to) run the tools as requested ...

defogger ran ok .

dds chokes

combofix will not run with avg installed (i did not think it wise to uninstall avg) .

GMER ran and returned a couple of items .

thanks for your help in advance

ooopppsss ... here's the ark file . :rolleyes:

ark.txt

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

hello ,

some things have changed since my first post .

i uninstalled avg and installed avira (full trial) in the safe mode .

i ran it and it found a few items ... these were removed .

i then installed/updated/ran the full trial of MB ...

it too found some items and these were removed .

i dug around here and found some information ... i ran tdsskiller .

it found tdl4 (etc) ... this was removed on reboot .

subsequent scans with MB , avira and tdsskiller came up "clean" .

i will include/attach the logs of what i have(/done)as well as those you request .

dds will still not run to completion ... this was after uninstalling AVG and before installing avira . even with avira and MB disabled (in what seems to be a clean machine) it is still a "no-go" .

the machine chokes and the only way out is to force a restart via the power button .

i do get at boot (on occasion) the blue screen "windows wants to check yer hdd/files ..." .

sadly , i cannot tell if MB is blocking any outgoing/incoming questionable IPAs ...

the full trial was working ok right up to the reboot after the second set of windows update installs (which i could not access previous to the removal work) .

thanks in advance .

----------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6820

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/11/2011 8:40:29 AM

mbam-log-2011-06-11 (08-40-29).txt

Scan type: Quick scan

Objects scanned: 193009

Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------------------

EDIT : i decided to run the ESET online scanner ...

early into the scan (ongoing as i post this)it found : JS/Trojan Downloader Agent NWG trojan

here are the eset results :

C:\WINDOWS\system32\12543.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1FKOXGWZ\start[1].php JS/Kryptik.Y trojan cleaned by deleting - quarantined

C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\th08e8jp.default\Cache\22FF307Fd01 JS/Kryptik.AQ.Gen trojan cleaned by deleting - quarantined

avira scan log old.txt

avira scan log after removal.txt

mb protect log old.txt

mbam log old.txt

TDSSKiller.2.5.4.0_09.06.2011_17.28.17_log.txt

Link to post
Share on other sites

hello ,

the quick scan ran ok .

i disabled avira during the attempt to run DDS . to the best of my knowledge , there are no script blockers (etc) on the machine .

DDS will not run to completion and seems to partially lock up ...

i can move the pointer but i cannot select anything on the desktop nor do any key commands work (ie : cntl/alt/del to bring up task manager) .

the only way out of this state is to restart the machine is via the power button (held down for 5 seconds) .

it seems that restarting after attempting to run DDS is when the "windows want to check your hdd ..." screen comes up .

in addition , there are two windows that pop up on the desktop during the boot-up ... something about adobe reader speed launcher being disabled .

this could be due to the fact that i did disable some none-essential start up items ... but ... i uninstalled any/all versions of adobe reader shortly after the machine was in my hands .

i know this is more info than you requested ... but it may provide some small clue as to what is going on .

-----------------------------------------------------

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6860

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/15/2011 5:01:19 AM

mbam-log-2011-06-15 (05-01-19).txt

Scan type: Quick scan

Objects scanned: 193921

Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

See if this works instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

here it is :

OTL logfile created on: 6/17/2011 5:59:31 AM - Run 1

OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\CWB\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.70% Memory free

2.58 Gb Paging File | 2.16 Gb Available in Paging File | 83.73% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.25 Gb Total Space | 4.28 Gb Free Space | 16.96% Space Free | Partition Type: FAT32

Drive D: | 25.73 Gb Total Space | 25.69 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Drive F: | 959.72 Mb Total Space | 959.03 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: ACER-FCAFBFA90D | User Name: CWB | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 05:53:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CWB\Desktop\OTL.exe

PRC - [2011/06/09 06:08:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/06/09 06:08:54 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011/06/09 06:08:54 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

PRC - [2011/06/09 06:08:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/06/09 06:08:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/01/14 22:12:22 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/04/13 18:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/08/10 19:29:14 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2006/07/20 22:15:32 | 000,593,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2005/12/27 15:50:28 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe

PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe

PRC - [2005/03/14 13:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe

PRC - [2002/07/11 06:06:24 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 05:53:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CWB\Desktop\OTL.exe

MOD - [2011/02/08 08:33:56 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2006/01/20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2005/12/27 16:57:30 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll

MOD - [2005/12/27 15:50:26 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll

MOD - [2003/03/18 22:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll

MOD - [2003/03/18 20:44:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71ENU.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/06/09 06:08:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/06/09 06:08:54 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011/06/09 06:08:54 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011/06/09 06:08:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)

========== Driver Services (SafeList) ==========

DRV - [2011/06/09 06:08:56 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/06/09 06:08:56 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009/05/11 12:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2005/11/27 07:36:08 | 001,427,968 | ---- | M] (Intel

Link to post
Share on other sites

OTL Extras logfile created on: 6/17/2011 5:59:31 AM - Run 1

OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\CWB\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.70% Memory free

2.58 Gb Paging File | 2.16 Gb Available in Paging File | 83.73% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.25 Gb Total Space | 4.28 Gb Free Space | 16.96% Space Free | Partition Type: FAT32

Drive D: | 25.73 Gb Total Space | 25.69 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Drive F: | 959.72 Mb Total Space | 959.03 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: ACER-FCAFBFA90D | User Name: CWB | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\OpenOffice.org 2.3\program\soffice.exe" -writer -o "%1" (OpenOffice.org)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe

"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01F81D44-3CE5-442C-80FB-5429BA1141B9}" = 2006 ICC Membership Collection

Link to post
Share on other sites

combofix will not run to completion .

i turned off the firewall and avira ... MB is not in the "active mode" (that pesky premature trial license expiration issue) .

combofix will run to the point of creating a registry backup (which it seemingly does) , the blue system box comes up .

there is some activity in the background (as indicated by the hourglass near the pointer and hdd activity led) , after about a minute this all ceases .

a half hour later ; nothing has changed .

no key commands or point-n-click works .

the only way out of this state is to do a power button shutdown .

restarting the machine produces the option to select the start up mode select and from there windows will start to load . eventually the "windows wants to check your files" screen comes up .

after this runs , windows starts (cycles up) "normally" .

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.