
Malwarebytes

Can only start in Safe Mode NEED HELP PLEASE


35 replies to this topic

#1
shakymom

    New Member

  • Members
  • 22 posts
Seriously infected! MWB and HJT will not start and my virus software is affected. I was able to stop UAC.exe, then Windows Police Pro took over. I disabled the internet connection and the virus software automatically blocked a buffer overflow in C:\windows\system32\services.exe, then the virus software blocked and removed the FakeAlert-DZ trojan windows\system32\bezuyiza.exe and the same thing with zdekare.exe. Then I got a message that services.exe terminated unexpectedly and the system was being shut down and restarted by NT Authority/System, status code 1073741819. Now the system will only start in Safe Mode. If I try to access System Restore, the message says it has been turned off by group policy? Please help. Thanks!

#2
sjpritch25

    Forum Deity

  • Experts
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Welcome to Malwarebytes!!!! ;)

Please download Win32kDiag.exe by AD to your Desktop.
Double-click on Win32kDiag.exe.
It will create Win32kDiag.txt on your Desktop.
In your next reply, please include the log. Thanks
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#3
shakymom

    New Member

  • Members
  • 22 posts
Thank you SO much for your help. I downloaded the file and am attaching the log.
Thanks again!
Drew


#4
sjpritch25

    Forum Deity

  • Experts
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Okay, good, that explains a lot.


1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply




=============================================================




Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#5
shakymom

    New Member

  • Members
  • 22 posts
When Avenger rebooted, it went to a blue screen and I was forced to hard reset. When Windows loaded, Total Security took over the system. I was able to download and run Avenger and have attached the txt file. ComboFix will not run. :D

What now????


#6
shakymom

    New Member

  • Members
  • 22 posts
Found instructions by Advanced Setup on how to kill Total Security. :D
Downloaded Process Explorer and killed 12498237.exe process :D
Total Security Disappeared from Systray and popups stopped. :D
After several attempts ComboFix ran and completed. Logs attached.
HJT still will not run "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." :(
Reinstalled Malwarebytes and ran quickscan. Logs attached.

Ever so appreciative of your help! Love this forum (=


#7
sjpritch25

    Forum Deity

  • Experts
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Download the attached file CFScript.txt to your Desktop


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this user's computer only!!!!


=============================================



  • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

  • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
  • Please open it with notepad and post the contents here.



==============================================


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


#8
shakymom

    New Member

  • Members
  • 22 posts
Ran ComboFix as instructed with CFScript.

To run ComboFix, I couldn't disable the McAfee virus scanner. I noticed it was not scanning. It is scheduled to run daily but has not scanned since 9/18, and I could not start a scan. I got an error message, so I uninstalled McAfee. It was free through my ISP, but I liked AVG better.

ComboFix 09-10-01.05 - Drew 10/02/2009 14:02.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.198 [GMT -5:00]
Running from: c:\documents and settings\Drew\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Drew\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-09-25 17:11 . 2009-09-25 17:11 -------- d-----w- c:\program files\Trend Micro
2009-09-25 17:03 . 2009-09-25 17:03 0 ----a-w- c:\documents and settings\Drew\settings.dat
2009-09-22 22:37 . 2009-09-22 22:37 -------- d-sh--w- c:\documents and settings\Drew\IECompatCache
2009-09-18 13:43 . 2009-09-18 13:43 -------- d-sh--w- c:\documents and settings\Drew\PrivacIE
2009-09-17 17:48 . 2009-09-17 17:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-17 14:10 . 2009-09-17 14:10 -------- d-sh--w- c:\documents and settings\Drew\IETldCache
2009-09-17 14:03 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-17 14:02 . 2009-09-17 14:03 -------- d-----w- c:\windows\ie8updates
2009-09-17 14:01 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-17 14:01 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-17 13:58 . 2009-09-17 14:01 -------- dc-h--w- c:\windows\ie8
2009-09-10 14:38 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 18:59 . 2009-01-21 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-02 13:05 . 2009-01-22 17:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-01 18:19 . 2008-01-27 22:39 -------- d-----w- c:\documents and settings\Drew\Application Data\U3
2009-10-01 01:40 . 2009-06-05 14:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 01:09 . 2009-07-01 01:08 50688 --sha-w- c:\windows\system32\zugowuva.dll
2009-09-11 15:37 . 2006-10-16 13:22 -------- d-----w- c:\program files\Java
2009-09-10 19:54 . 2009-06-05 14:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-06-05 14:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 13:02 . 2006-10-16 13:33 126096 ----a-w- c:\documents and settings\Drew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 15:06 . 2008-01-06 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2009-02-02 17:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 18:44 . 2009-01-21 14:51 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 18:44 . 2009-01-21 14:51 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 18:44 . 2009-01-21 14:51 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 18:44 . 2009-01-21 14:51 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:43 . 2009-01-21 14:51 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-01_01.28.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-02 19:08 . 2009-10-02 19:08 16384 c:\windows\temp\Perflib_Perfdata_650.dat
+ 2006-10-16 13:16 . 2009-10-02 17:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-16 13:16 . 2009-09-28 00:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-01 01:35 . 2009-10-02 17:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-10-16 13:16 . 2009-09-28 00:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2004-08-04 77891]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-07-13 49152]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-16 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-12-11 221247]
Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544]
Scanner File Utility.lnk - c:\program files\Kyocera\FileUtility\NsCatCom.exe [2008-1-28 327680]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kyocera\\FileUtility\\NsCatCom.exe"=

R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [1/28/2008 1:49 PM 463872]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 5:51 PM 16384]
S0 seua;seua;c:\windows\system32\drivers\nnskip.sys --> c:\windows\system32\drivers\nnskip.sys [?]
S2 usbdriver;USBDriver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
USBDriver

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

BHO-{d51f78a4-b4df-406f-9d1e-24c82809d43c} - tugokubu.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 14:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\user preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,af,f7,ae,f1,e2,0e,4c,a5,e7,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,af,f7,ae,f1,e2,0e,4c,a5,e7,1e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\usrshuta.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-02 14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-02 19:11
ComboFix2.txt 2009-10-01 01:33

Pre-Run: 63,608,459,264 bytes free
Post-Run: 63,586,062,336 bytes free

163 --- E O F --- 2009-09-17 22:01


Still cannot get HJT to run. I have tried uninstalling and downloading a fresh copy. Still get error message "Windows cannot access the specified device, path, or file....."

Also ran win32kdiag:

Running from: C:\Documents and Settings\Drew\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Drew\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13F.tmp\ZAP13F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13F.tmp\ZAP13F.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP329.tmp\ZAP329.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP329.tmp\ZAP329.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP406.tmp\ZAP406.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP406.tmp\ZAP406.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43D.tmp\ZAP43D.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43D.tmp\ZAP43D.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\CAVTemp\CAVTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CAVTemp\CAVTemp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!

Off to run Kaspersky.....

#9
sjpritch25

    Forum Deity

  • Experts
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Download regsrch.zip to your Desktop.
1. Unzip the contents of RegSrch.zip to a convenient location.
2. Double-click on RegSrch.vbs.
3. If you have an anti-virus installed it might prompt you about a running script.
4. Please ignore this warning and allow the script to run.
5. In the "Enter search string (case insensitive) and click OK..." box, paste this string:

USBDriver

6. Click "OK" to search the registry for that string.
7. Wait for a few minutes while it completes the search.
8. Click "OK" to open the results in WordPad.
9. Copy and paste the entire results into your next post.

#10
shakymom

    New Member

  • Members
  • 22 posts
Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 02, 2009 13:17:25
Records in database: 2889641
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 59405
Threats found: 12
Infected objects found: 30
Suspicious objects found: 0
Scan duration: 01:51:54


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\ddqud.exe.vir Infected: Trojan.Win32.Sasfis.iop 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\12793124\12793124.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\Documents and Settings\Drew\Application Data\lizkavd.exe.vir Infected: Trojan.Win32.FraudPack.udx 1
C:\Qoobox\Quarantine\C\Documents and Settings\Drew\Application Data\seres.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fri 1
C:\Qoobox\Quarantine\C\Documents and Settings\Drew\Application Data\svcst.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fri 1
C:\Qoobox\Quarantine\C\hxlqib.exe.vir Infected: Backdoor.Win32.Bredavi.jk 1
C:\Qoobox\Quarantine\C\pkusq.exe.vir Infected: Trojan.Win32.Scar.ygu 1
C:\Qoobox\Quarantine\C\Program Files\Protection System\uninstall.exe.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir Infected: Trojan.Win32.FraudPack.ulp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\difajowu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\54d82e49.sys.vir Infected: Backdoor.Win32.NewRest.gh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_54d82e49_.sys.zip Infected: Backdoor.Win32.NewRest.gh 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\fimijole.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gafilumu.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hefihiru.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jobavito.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kavumefe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kenahozi.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wsnf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lewadiye.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\raferafo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tadebava.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbprpuwjnde.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbqbiouojwu.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACltmwmpjcrt.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\venaluwe.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wscsvc32.exe.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yizodonu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\yhjj.exe.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\WINDOWS\system32\zugowuva.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1

Selected area has been scanned.

Next performing RegSrch.vbs

#11
shakymom

Results of RegSrch:


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "USBDriver" 10/2/2009 5:10:07 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_usbdriver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_usbdriver\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_usbdriver\0000]
"Service"="usbdriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_usbdriver\0000]
"DeviceDesc"="USBDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_usbdriver\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_usbdriver\0000\Control]
"ActiveService"="usbdriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbdriver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbdriver]
"DisplayName"="USBDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbdriver\parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbdriver\security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbdriver\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbdriver\Enum]
"0"="Root\\legacy_usbdriver\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\legacy_usbdriver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\legacy_usbdriver\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\legacy_usbdriver\0000]
"Service"="usbdriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\legacy_usbdriver\0000]
"DeviceDesc"="USBDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbdriver]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbdriver]
"DisplayName"="USBDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbdriver\parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbdriver\security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_usbdriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_usbdriver\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_usbdriver\0000]
"Service"="usbdriver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_usbdriver\0000]
"DeviceDesc"="USBDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_usbdriver\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_usbdriver\0000\Control]
"ActiveService"="usbdriver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver]
"DisplayName"="USBDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\Enum]
"0"="Root\\legacy_usbdriver\\0000"



Did I mention that Windows Security Center is now telling me that Automatic Updates is OFF? However, if I go into System Properties and check, Automatic Updates is set to download automatically.

THANKS AGAIN for all the help! :D

#12
sjpritch25

Go to Start ---> Run----> Type regedit and press enter

Navigate to the following key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

Right-click on the key
Choose Export.
Save it as export.txt to your desktop
Make sure the "Save as type" is .reg

In your next reply, please post the contents of the export. If it's too large, just attach it. Thanks

#13
shakymom

There is not a "service" listed.

There is "ServiceModelEndpoint 3.0.0.0"

"ServiceModelOperation 3.0.0.0"

"ServiceModelService 3.0.0.0"


?? :D

#14
sjpritch25

That was my fault.

This is the key I want exported.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver

#15
shakymom

Here it is:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="USBDriver"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,67,00,\
70,00,77,00,78,00,69,00,6c,00,76,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\Enum]
"0"="Root\\legacy_usbdriver\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Thanks
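As an added example (not code from this thread or from either poster), the following Python decodes the export above. The ImagePath and ServiceDll values are stored as hex(2), that is REG_EXPAND_SZ data written out as UTF-16LE bytes, which is why the DLL name is not readable in the export as posted. The script parses the .reg text, joins regedit's backslash-continued lines, decodes the values, and then lists every service that runs inside svchost.exe -k <group> together with the DLL svchost will load for it, flagging any whose DLL is not in a baseline. REG_EXPORT embeds the posted export; BASELINE is a constructed, illustrative allowlist rather than a real list of Windows service DLLs, and a real one would be built from a known-clean machine of the same build.

```python
import re

# Constructed input: the usbdriver service export posted above in this thread
# (the security and Enum subkeys are omitted; they add nothing to this check).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="USBDriver"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbdriver\parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,67,00,\
  70,00,77,00,78,00,69,00,6c,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"""

# Constructed, illustrative baseline of ServiceDll basenames considered known-good.
# A real baseline is exported from a clean machine of the same Windows build.
BASELINE = {"wuauserv.dll", "browser.dll", "schedsvc.dll", "seclogon.dll"}

SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


def decode_value(raw):
    """Decode one .reg value: "string", dword:, hex: (REG_BINARY) or hex(N): typed data."""
    if raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslashes and quotes inside string values
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        kind = int(m.group(1), 16) if m.group(1) else 3  # bare hex: is REG_BINARY (3)
        if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ: UTF-16LE, NUL terminated
            return data.decode("utf-16-le").rstrip("\x00")
        if kind == 7:  # REG_MULTI_SZ: NUL separated, double NUL terminated
            return [s for s in data.decode("utf-16-le").split("\x00") if s]
        return data
    return raw


def parse_reg_export(text):
    """Parse a regedit export into {key_path: {value_name: decoded_value}}."""
    # regedit wraps long hex data with a trailing backslash; rejoin those lines first
    joined = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"([^"]+)"=(.*)', line)
        if m and current is not None:
            keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def svchost_services(keys):
    """List services whose ImagePath is svchost.exe -k <group>, with the DLL svchost
    actually loads for them, taken from <service>\\parameters\\ServiceDll."""
    lower = {k.lower(): v for k, v in keys.items()}
    found = []
    for path, values in keys.items():
        parts = path.split("\\")
        if len(parts) < 2 or parts[-2].lower() != "services":
            continue
        image = values.get("ImagePath", "")
        m = SVCHOST_RE.search(image) if isinstance(image, str) else None
        if not m:
            continue
        params = lower.get((path + "\\parameters").lower(), {})
        found.append({
            "service": parts[-1],
            "display_name": values.get("DisplayName"),
            "group": m.group(1),
            "start": values.get("Start"),  # 2 = SERVICE_AUTO_START
            "service_dll": params.get("ServiceDll"),
        })
    return found


def flag_unexpected(services, baseline_dlls):
    """Flag svchost-hosted services whose ServiceDll basename is not in the baseline.
    A hosted service with no ServiceDll at all is flagged as well, since svchost
    has nothing legitimate to load for it."""
    flagged = []
    for svc in services:
        base = (svc["service_dll"] or "").rsplit("\\", 1)[-1].lower()
        if base not in baseline_dlls:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in flag_unexpected(svchost_services(parse_reg_export(REG_EXPORT)), BASELINE):
        print(f"{svc['service']} ({svc['display_name']}): svchost -k {svc['group']} "
              f"loads {svc['service_dll']}, Start={svc['start']}")
```

Run as-is it prints the one flagged entry: an auto-start (Start=2) service with a generic display name that is loaded into the netsvcs svchost group from C:\WINDOWS\system32\tgpwxilv.dll, the same DLL the helper asks to have collected later in the thread. Because the DLL runs inside a legitimate, signed svchost.exe process, a process listing alone would not have shown it; reading the service's parameters key is what exposes it.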

#16
sjpritch25

Good, finally got some more information. I'll be back with a post.

#17
sjpritch25

Open notepad and copy/paste the text in the codebox below into it:
@echo off
rem Zip the suspect DLL into Files_for_submission.zip for upload (relies on a command-line zip tool)
for %%g in (
"C:\WINDOWS\system32\tgpwxilv.dll"
) do zip Files_for_submission %%g
rem Remove this batch file once the archive has been written
del %0

Save this as grab.bat
Choose to "Save type as - All Files"
Save it on your desktop.

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Please upload that file here --> http://www.bleepingcomputer.com/submit-mal....php?channel=70

#18
shakymom

The grab bat file disappeared when I clicked on it. How long should it take for the other file to appear? :D

#19
sjpritch25

There is nothing called Files for submission.zip on your desktop?

#20
sjpritch25

Note: You may need to unhide hidden files and folders.
Configure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


If the file isn't on your desktop, please search for it.

C:\WINDOWS\system32\tgpwxilv.dll




