MS Removal Tool-


Malware did catch the MS Removal Tool... but ever since, my files are still hidden. I can view hidden files to access them, but they are remaining hidden. My desktop as well has the greyed-out icons.

I am unable to zip the attach.txt and the ark.txt because when I right-click and go to "Send To", my only option is D: Drive (DVD)... Any other suggestions? THANKS

DDS and Malwarebytes log to follow

DDS LOG:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Landis at 7:00:02 on 2011-06-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.449 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\ARO 2011\aro.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://espn.go.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MPlayerForWindows_UpdateReminder] "c:\program files\mplayer for windows\AutoUpdate.exe" /L=1033 /TASK

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290005742734

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290005798062

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{9666AD4E-0169-452E-AD7E-B62ADBE79446} : DhcpNameServer = 68.87.73.246 68.87.71.230

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-28 11608]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 MpKsl00695fe4;MpKsl00695fe4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys [2011-6-27 28752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-28 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-28 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-28 61960]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-14 54760]

R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

S1 MpKsl1a2cca0f;MpKsl1a2cca0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl1a2cca0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl1a2cca0f.sys [?]

S1 MpKsl757dc345;MpKsl757dc345;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl757dc345.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl757dc345.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-23 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-28 10:48:20 -------- d-----w- c:\documents and settings\landis\application data\Sammsoft

2011-06-28 10:47:59 -------- d-----w- c:\program files\ARO 2011

2011-06-28 10:33:44 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-28 10:33:40 -------- d-----w- c:\program files\Avira

2011-06-28 10:33:40 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-06-28 10:30:06 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe

2011-06-28 01:06:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys

2011-06-28 00:54:07 -------- d-----w- c:\windows\pss

2011-06-27 23:10:18 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\mpengine.dll

2011-06-27 00:49:02 -------- d--h--w- c:\documents and settings\landis\application data\Malwarebytes

2011-06-27 00:48:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-27 00:48:56 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-27 00:48:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-27 00:48:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-08 16:29:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-07 16:35:34 103864 ---ha-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-06-02 18:35:43 -------- d--h--w- c:\documents and settings\landis\local settings\application data\PhotoChannel

.

==================== Find3M ====================

.

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 7:01:55.48 ===============

MALWAREBYTES LOG

-SECOND SCAN IN FULL MODE (DO YOU WANT THE SAFE MODE SCAN LOG?)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6956

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/27/2011 3:42:09 PM

mbam-log-2011-06-27 (15-42-09).txt

Scan type: Quick scan

Objects scanned: 154572

Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Thanks for the reply!

I tried to update Malwarebytes, but got an error; a screenshot pic is attached for that.

I did run a quick scan.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6956

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/29/2011 6:59:05 AM

mbam-log-2011-06-29 (06-59-05).txt

Scan type: Quick scan

Objects scanned: 167464

Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix log:

ComboFix 11-06-29.02 - Landis 06/29/2011 7:46.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.537 [GMT -4:00]

Running from: c:\documents and settings\Landis\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Landis\Application Data\Adobe\plugs

c:\documents and settings\Landis\Application Data\Adobe\shed

c:\documents and settings\Landis\Desktop\Windows XP Repair.lnk

c:\documents and settings\Landis\My Documents\iexplore.exe

c:\documents and settings\Landis\Start Menu\Programs\Windows XP Repair

c:\documents and settings\Landis\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk

c:\documents and settings\Landis\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk

.

c:\windows\system32\srsvc.dll . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2011-06-29 01:13 . 2011-06-29 01:13 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl2f4fd415.sys

2011-06-29 01:12 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\mpengine.dll

2011-06-28 10:48 . 2011-06-29 00:45 -------- d-----w- c:\documents and settings\Landis\Application Data\Sammsoft

2011-06-28 10:33 . 2011-06-29 10:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-28 10:33 . 2011-06-29 10:42 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-28 10:33 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-06-28 10:33 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-06-28 10:33 . 2011-06-28 10:33 -------- d-----w- c:\program files\Avira

2011-06-28 10:33 . 2011-06-28 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-06-28 10:30 . 2011-06-28 10:30 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe

2011-06-27 00:49 . 2011-06-27 00:49 -------- d--h--w- c:\documents and settings\Landis\Application Data\Malwarebytes

2011-06-27 00:48 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-27 00:48 . 2011-06-27 00:48 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-27 00:48 . 2011-06-27 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-27 00:48 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-08 16:29 . 2011-06-08 16:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-07 16:35 . 2011-06-07 16:35 103864 ---ha-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-06-02 18:35 . 2011-06-03 00:27 -------- d--h--w- c:\documents and settings\Landis\Local Settings\Application Data\PhotoChannel

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2010-11-17 15:45 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-29 16:19 . 2008-04-14 03:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2008-04-14 08:42 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-14 08:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 16:11 . 2008-04-14 08:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 12:01 . 2008-04-14 03:07 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-14 03:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

.

[-] 2010-02-24 . 0085A8F0468699C6CFAD4769092BEF21 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

c:\windows\System32\drivers\beep.sys ... is missing !!

c:\windows\System32\srsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"MPlayerForWindows_UpdateReminder"="c:\program files\MPlayer for Windows\AutoUpdate.exe" [2010-10-17 235005]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-10-02 32768]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-11-17 663552]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1583:TCP"= 1583:TCP:Pervasive DBEngine

"3351:TCP"= 3351:TCP:Pervasive DBEngine

.

R1 MpKsl07d63c0a;MpKsl07d63c0a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl07d63c0a.sys [6/29/2011 7:14 AM 28752]

R1 MpKsl2f4fd415;MpKsl2f4fd415;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl2f4fd415.sys [6/28/2011 9:13 PM 28752]

R1 MpKsl9d79e210;MpKsl9d79e210;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl9d79e210.sys [6/29/2011 7:25 AM 28752]

R1 MpKslaa8ef488;MpKslaa8ef488;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKslaa8ef488.sys [6/29/2011 7:13 AM 28752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/28/2011 6:33 AM 136360]

R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [9/5/2007 12:25 PM 455968]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]

S1 MpKsl1a2cca0f;MpKsl1a2cca0f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl1a2cca0f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl1a2cca0f.sys [?]

S1 MpKsl757dc345;MpKsl757dc345;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl757dc345.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl757dc345.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/23/2010 11:31 AM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SSMDRV

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-06-29 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://espn.go.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-29 07:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]

@Denied: ) (Everyone)

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1032)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-06-29 07:59:24

ComboFix-quarantined-files.txt 2011-06-29 11:59

.

Pre-Run: 17,510,215,680 bytes free

Post-Run: 21,280,010,240 bytes free

.

- - End Of File - - E4EB5E7373C301E9D6F9C8EF44F41ADB

DDS LOG:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Landis at 7:00:02 on 2011-06-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.449 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\ARO 2011\aro.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://espn.go.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MPlayerForWindows_UpdateReminder] "c:\program files\mplayer for windows\AutoUpdate.exe" /L=1033 /TASK

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290005742734

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290005798062

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{9666AD4E-0169-452E-AD7E-B62ADBE79446} : DhcpNameServer = 68.87.73.246 68.87.71.230

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-28 11608]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 MpKsl00695fe4;MpKsl00695fe4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys [2011-6-27 28752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-28 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-28 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-28 61960]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-14 54760]

R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

S1 MpKsl1a2cca0f;MpKsl1a2cca0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl1a2cca0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl1a2cca0f.sys [?]

S1 MpKsl757dc345;MpKsl757dc345;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl757dc345.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl757dc345.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-23 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-28 10:48:20 -------- d-----w- c:\documents and settings\landis\application data\Sammsoft

2011-06-28 10:47:59 -------- d-----w- c:\program files\ARO 2011

2011-06-28 10:33:44 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-28 10:33:40 -------- d-----w- c:\program files\Avira

2011-06-28 10:33:40 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-06-28 10:30:06 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe

2011-06-28 01:06:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys

2011-06-28 00:54:07 -------- d-----w- c:\windows\pss

2011-06-27 23:10:18 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\mpengine.dll

2011-06-27 00:49:02 -------- d--h--w- c:\documents and settings\landis\application data\Malwarebytes

2011-06-27 00:48:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-27 00:48:56 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-27 00:48:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-27 00:48:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-08 16:29:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-07 16:35:34 103864 ---ha-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-06-02 18:35:43 -------- d--h--w- c:\documents and settings\landis\local settings\application data\PhotoChannel

.

==================== Find3M ====================

.

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 7:01:55.48 ===============


Just wondering how much longer I am supposed to wait to hear back from someone? my last contact was the 29th, and it's the 2nd now....

in the meantime my computer now has windows xp recovery - using bleeping computers I tried to remove it, but got stuck at the tdsskill program, because although downloaded and saved to my desktop and renamed to a ".com" file it will not open and run....

please help me fix these issues.....


  • Staff

Hi,

My apologies for the delay.

Do you have your Windows XP CD?

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


well.... i got through all of that with Avira Antivi.... it did detect 5 malicious files and quarantined them.... BUT i still have no programs listed under 'programs' and all my icons on the desktop are "hidden"; as well as files and folders all over....

would you happen to have any other suggestions.... or am i getting to the point of wiping this thing clean totally? (UGGHHHHHH) thanks!!!


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
