Full Version: Help!! Infected with Cyber Security. Already performed ComboFix. Please help to analyze. A million thanks
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
ana080400
Hi,

My computer is infected with the Cyber Security virus. I installed Malwarebytes Anti-Malware, but it wouldn't scan. The page kept shutting down after 3 secs. I went on to install ComboFix, and here is my log report. Someone please help!! I'm desperate!!! Thank you in advance.

ComboFix 09-10-25.02 - averyl_evangeline 10/26/2009 2:51.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1531 [GMT -7:00]
Running from: c:\users\averyl_evangeline\Desktop\Combo-fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1961844542-1798076817-650510576-500
c:\$recycle.bin\S-1-5-21-3991032900-822933057-3276464376-500
c:\windows\010112010146116101.xxe
c:\windows\0101120101464955.xxe
c:\windows\bk23567.dat
c:\windows\freddy71.exe
c:\windows\ld15.exe
c:\windows\pp12.exe
c:\windows\rdr_1256443305.exe
c:\windows\rdr_1256443354.exe
c:\windows\rdr_1256443355.exe
c:\windows\rdr_1256443387.exe
c:\windows\rdr_1256443464.exe
c:\windows\rdr_1256443485.exe
c:\windows\rdr_1256540525.exe
c:\windows\rdr_1256540527.exe
c:\windows\rdr_1256545288.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\fio32.sys
c:\windows\system32\fio32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fioo32
-------\Service_SfX
-------\Legacy_fio32
-------\Service_fio32


((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 10:05 . 2009-10-26 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-26 08:15 . 2009-10-26 08:15 -------- d-----w- c:\users\averyl_evangeline\AppData\Roaming\Malwarebytes
2009-10-26 08:15 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 08:15 . 2009-10-26 08:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 08:15 . 2009-10-26 08:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-26 08:15 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 08:57 . 2009-10-25 08:57 -------- d-----w- c:\program files\Common Files\CSUninstall
2009-10-25 08:56 . 2009-10-25 08:57 -------- d-----w- c:\program files\CS
2009-10-15 20:51 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 20:49 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 20:49 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 20:48 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 20:48 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 20:48 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-15 20:35 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 20:35 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 20:35 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-02 20:32 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 08:21 . 2007-11-28 23:40 13589 ----a-w- c:\users\averyl_evangeline\AppData\Roaming\nvModes.dat
2009-10-26 08:17 . 2007-10-13 16:09 836 ----a-w- c:\windows\bthservsdp.dat
2009-10-25 08:49 . 2007-06-14 17:42 -------- d-----w- c:\program files\Symantec
2009-10-25 08:48 . 2007-06-14 17:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-25 08:48 . 2007-06-14 17:43 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-25 08:48 . 2007-06-14 17:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-25 08:48 . 2007-06-14 17:42 -------- d-----w- c:\programdata\Symantec
2009-10-25 08:48 . 2007-06-14 17:44 -------- d-----w- c:\program files\Norton Internet Security
2009-10-25 08:48 . 2007-06-14 17:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-18 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-18 20:29 . 2007-06-14 18:01 -------- d-----w- c:\programdata\Microsoft Help
2009-10-18 20:27 . 2007-06-14 17:59 -------- d-----w- c:\program files\Microsoft Works
2009-10-12 02:31 . 2009-02-05 19:31 -------- d-----w- c:\program files\Lx_cats
2009-09-11 06:59 . 2009-09-11 06:59 -------- d-----w- c:\users\averyl_evangeline\AppData\Roaming\WildTangent
2009-09-11 06:57 . 2007-06-14 18:28 -------- d-----w- c:\programdata\WildTangent
2009-09-10 04:31 . 2009-09-10 04:31 -------- d-----w- c:\users\averyl_evangeline\AppData\Roaming\Template
2009-09-10 04:30 . 2009-09-10 04:30 0 ----a-w- c:\users\averyl_evangeline\AppData\Roaming\wklnhst.dat
2009-09-09 22:16 . 2009-09-09 22:16 -------- d-----w- c:\program files\MySavings
2009-09-09 22:16 . 2009-09-09 22:16 -------- d-----w- c:\program files\Conduit
2009-08-29 03:41 . 2009-09-02 23:11 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-02 23:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-02 23:11 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 14:02 . 2009-10-15 20:50 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-10-15 20:50 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-15 20:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-15 20:50 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-15 20:50 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-15 20:50 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:16 . 2009-09-09 05:19 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-09-09 05:19 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-09-09 05:19 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-09 05:19 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-09-09 05:19 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-09 05:19 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-09 05:19 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-09 05:19 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-09 05:19 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-09 05:19 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-09 05:19 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:24 . 2009-09-09 05:20 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-09-09 05:19 22016 ----a-w- c:\windows\system32\netiougc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9927cacb-7863-42b4-95ab-7446332b7c59}"= "c:\program files\MySavings\tbMySa.dll" [2009-09-08 2260504]

[HKEY_CLASSES_ROOT\clsid\{9927cacb-7863-42b4-95ab-7446332b7c59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9927cacb-7863-42b4-95ab-7446332b7c59}]
2009-09-08 20:32 2260504 ----a-w- c:\program files\MySavings\tbMySa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9927cacb-7863-42b4-95ab-7446332b7c59}"= "c:\program files\MySavings\tbMySa.dll" [2009-09-08 2260504]

[HKEY_CLASSES_ROOT\clsid\{9927cacb-7863-42b4-95ab-7446332b7c59}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9927CACB-7863-42B4-95AB-7446332B7C59}"= "c:\program files\MySavings\tbMySa.dll" [2009-09-08 2260504]

[HKEY_CLASSES_ROOT\clsid\{9927cacb-7863-42b4-95ab-7446332b7c59}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-26 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2008-05-07 536576]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"CS"="c:\program files\CS\cs.exe" [2009-10-25 1225216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-06-14 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-26 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-26 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-26 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-14 77824]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\users\averyl_evangeline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-6-14 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=""
"AntiVirusOverride"=""
"FirewallDisableNotify"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080226.002\IDSvix86.sys [2/26/2008 9:00 PM 261680]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [11/2/2006 1:35 AM 22016]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [11/2/2006 1:35 AM 22016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/20/2008 11:06 PM 109616]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [1/9/2007 9:32 PM 38200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
fioo32 REG_MULTI_SZ fioo32
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2009-10-26 c:\windows\Tasks\CS.job
- c:\program files\CS\cs.exe [2009-10-25 08:56]

2009-10-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - averyl_evangeline.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 15:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-sysfbtray - c:\windows\freddy71.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 03:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(588)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(5396)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\Vongo\VongoService.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\combo-fix\CF2251.exe
c:\windows\System32\rundll32.exe
c:\program files\Vongo\Tray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\combo-fix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-26 3:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-26 10:15

Pre-Run: 171,034,210,304 bytes free
Post-Run: 169,978,036,224 bytes free

- - End Of File - - 34D47F4A865B1E0F989E08AE730A9872
miekiemoes
Hi,

Can you try Malwarebytes again?
Let me know if it works. If so, then post the log from Malwarebytes in your next reply.
Make sure you update before you scan.
miekiemoes
Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.