Need Help!
#1
danderson9468
I'm a newbie. I'm having a problem with my computer. I get the message "sqlservr.exe stopped working and was closed." I saw several suggestions to use and run ComboFix. I ran that and got the following log:


ComboFix 09-06-28.04 - Valued Customer 06/29/2009 9:23.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3071.1738 [GMT -4:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Valued Customer\Favorites\Online Security Test.url
c:\users\VALUED~1\FAVORI~1\Online Security Test.url
c:\windows\system32\bszip.dll
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-21 21:57 . 2009-06-21 22:03 -------- d-----w- C:\New_in_Town
2009-06-21 21:56 . 2009-06-24 12:02 -------- d-----w- c:\program files\DVD Decrypter
2009-06-21 21:55 . 2009-06-21 21:55 -------- d-----w- c:\progra~2\DVD Shrink
2009-06-19 10:44 . 2009-06-19 11:05 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Winamp
2009-06-19 10:44 . 2009-06-19 10:45 -------- d-----w- c:\program files\Winamp
2009-06-16 14:28 . 2009-06-16 14:28 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Uniblue
2009-06-14 10:04 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 10:04 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 09:58 . 2009-06-14 09:58 -------- d-----w- C:\Yahoo!
2009-06-11 12:48 . 2009-06-11 12:48 -------- d-----w- c:\windows\Sun
2009-06-09 15:23 . 2009-06-09 15:23 -------- d-----w- C:\Converted
2009-06-09 15:19 . 2009-06-09 15:19 -------- d-----w- c:\progra~2\AVS4YOU
2009-06-09 15:19 . 2009-06-09 15:19 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AVS4YOU
2009-06-09 15:02 . 2009-06-09 15:02 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AccurateRip
2009-06-08 12:09 . 2009-06-09 14:55 -------- d-----w- c:\users\Valued Customer\AppData\Local\Audible
2009-06-07 10:51 . 2009-06-07 10:51 -------- d-----w- c:\progra~2\WindowsSearch
2009-06-06 18:11 . 2009-06-06 18:11 -------- d-----w- c:\users\Valued Customer\AppData\Local\DNA
2009-06-06 18:11 . 2009-06-10 12:30 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\DNA
2009-06-06 18:11 . 2009-06-10 12:14 -------- d-----w- c:\program files\DNA
2009-06-06 18:11 . 2009-06-06 18:11 -------- d-----w- c:\program files\AskBarDis
2009-06-06 15:33 . 2009-06-06 15:33 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-06-06 15:33 . 2009-06-06 15:33 -------- d-----w- c:\progra~2\Applications
2009-06-06 13:03 . 2009-03-08 11:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-06-06 13:03 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-06-06 13:03 . 2009-03-08 11:33 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-06-06 13:03 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-06-06 13:03 . 2009-03-08 11:33 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-06 13:03 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-06-06 12:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-06 12:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-06 12:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-06 12:55 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-06 12:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-06 12:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-06 12:55 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-06 12:49 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-06 12:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-06 12:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-06 12:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-06 12:48 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-06 12:08 . 2009-06-06 12:08 -------- d-----w- c:\users\Valued Customer\AppData\Local\Microsoft Corporation
2009-06-06 12:03 . 2009-06-06 12:08 -------- d-----w- c:\program files\Microsoft Small Business
2009-06-06 12:01 . 2009-06-06 12:01 -------- d-----w- c:\users\Valued Customer\AppData\Local\Apple
2009-06-06 11:59 . 2009-06-15 07:01 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-06 10:55 . 2009-06-06 11:24 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Yahoo!
2009-06-05 20:48 . 2009-06-06 10:31 -------- d-----w- c:\windows\system32\Tasks(742)
2009-06-05 18:16 . 2009-06-06 11:17 -------- d-----r- c:\program files\Norton Support
2009-06-05 18:14 . 2009-06-05 18:14 -------- d-----w- c:\users\Valued Customer\AppData\Local\Symantec
2009-06-05 11:58 . 2009-06-06 10:47 -------- d-----w- c:\program files\AudioConverter Studio
2009-06-04 10:39 . 2009-06-04 10:39 -------- d-----w- c:\program files\iPod(82)
2009-06-04 10:39 . 2009-06-04 10:40 -------- d-----w- c:\program files\iTunes(83)
2009-06-04 10:36 . 2009-06-05 20:37 -------- d-----w- c:\program files\QuickTime(84)
2009-05-31 00:08 . 2009-05-31 00:08 -------- d-----w- c:\users\Valued Customer\AppData\Local\Yahoo
2009-05-30 23:57 . 2009-05-30 23:57 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Media Player Classic
2009-05-30 23:54 . 2009-06-06 10:47 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-30 20:16 . 2009-06-09 15:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-30 20:16 . 2009-06-09 15:29 -------- d-----w- c:\program files\AVS4YOU
2009-05-30 20:06 . 2009-06-05 12:24 -------- d-----w- C:\My Music
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\program files\rmconverter.net
2009-05-30 19:50 . 2009-05-30 19:50 -------- d-----w- c:\program files\Free RM to MP3 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 22:03 . 2008-12-06 00:10 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\RipIt4Me
2009-06-14 10:16 . 2008-08-09 01:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-12 07:15 . 2007-11-28 21:06 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 11:33 . 2008-01-31 19:00 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Hewlett-Packard
2009-06-10 13:11 . 2008-08-09 02:18 -------- d-----w- c:\program files\Quicken
2009-06-10 13:09 . 2008-08-09 02:45 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-06-10 12:09 . 2008-08-09 01:27 -------- d-----w- c:\progra~2\FLEXnet
2009-06-09 15:21 . 2009-05-06 11:16 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\GetRightToGo
2009-06-06 18:00 . 2007-11-28 21:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 16:14 . 2008-08-18 19:24 142584 ----a-w- c:\users\Valued Customer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-06 12:28 . 2009-05-11 13:32 -------- d-----w- c:\program files\iTunes
2009-06-06 12:27 . 2009-05-11 13:32 -------- d-----w- c:\program files\iPod
2009-06-06 12:27 . 2009-05-11 13:27 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 12:26 . 2009-05-11 13:30 -------- d-----w- c:\program files\QuickTime
2009-06-06 12:00 . 2008-08-09 01:15 -------- d-----w- c:\program files\Microsoft.NET
2009-06-06 11:09 . 2008-10-25 10:56 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\uTorrent
2009-06-06 11:09 . 2008-08-12 14:03 -------- d-----w- c:\progra~2\Yahoo!
2009-06-06 11:09 . 2007-11-28 21:11 -------- d-----w- c:\progra~2\WildTangent
2009-06-06 11:09 . 2007-11-28 21:10 -------- d-----w- c:\progra~2\Hewlett-Packard
2009-06-06 11:09 . 2009-03-12 10:27 -------- d-----w- c:\progra~2\PC Drivers HeadQuarters
2009-06-06 11:09 . 2009-05-06 11:37 -------- d-----w- c:\progra~2\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-06 11:09 . 2009-05-11 13:27 -------- d-----w- c:\progra~2\Apple
2009-06-06 11:09 . 2008-11-17 23:30 -------- d-----w- c:\progra~2\WebEx
2009-06-06 10:47 . 2007-11-28 21:14 -------- d-----w- c:\program files\Yahoo!
2009-06-05 20:49 . 2008-10-01 15:14 -------- d-----w- c:\progra~2\Roxio
2009-06-05 20:37 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-05 20:37 . 2007-11-28 21:08 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-06-05 20:36 . 2008-09-16 14:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-27 18:38 . 2009-05-27 18:38 -------- d-----w- c:\program files\Coupons
2009-05-19 15:11 . 2008-10-14 20:46 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Roxio
2009-05-13 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 09:51 . 2009-05-12 09:51 8854 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{5975F510-ACDF-4249-842F-3338630B0A93}\Uninstall_ImgSizer_0F6F6574D468489586834243BFC7E00C.exe
2009-05-12 09:51 . 2009-05-12 09:51 10134 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{5975F510-ACDF-4249-842F-3338630B0A93}\ARPPRODUCTICON.exe
2009-05-12 09:51 . 2008-08-11 02:06 -------- d-----w- c:\program files\Safeguard Properties, Inc
2009-05-11 13:38 . 2009-05-11 13:20 -------- d-----w- c:\program files\Audible
2009-05-11 13:33 . 2009-05-11 13:33 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Apple Computer
2009-05-11 13:33 . 2009-05-11 13:32 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-11 13:32 . 2009-05-11 13:30 -------- d-----w- c:\progra~2\Apple Computer
2009-05-11 13:31 . 2009-05-11 13:31 -------- d-----w- c:\program files\Bonjour
2009-05-11 13:29 . 2009-05-11 13:29 -------- d-----w- c:\program files\Apple Software Update
2009-05-09 17:34 . 2009-05-09 17:34 -------- d-----w- c:\program files\Carbonite
2009-05-09 17:34 . 2009-05-09 17:34 -------- d-----w- c:\progra~2\Carbonite
2009-05-09 05:50 . 2009-06-11 15:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 15:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 11:44 . 2007-11-28 21:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-06 11:38 . 2009-05-06 11:24 -------- d-----w- c:\progra~2\Norton
2009-05-06 11:36 . 2009-05-06 11:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 11:36 . 2009-05-06 11:36 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-06 11:36 . 2009-05-06 11:36 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 11:36 . 2009-05-06 11:36 -------- d-----w- c:\program files\Symantec
2009-05-06 11:36 . 2009-05-06 11:37 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-05-06 11:36 . 2009-05-06 11:36 -------- d-----w- c:\program files\Norton 360
2009-05-06 11:36 . 2007-11-28 21:16 -------- d-----w- c:\progra~2\Symantec
2009-05-06 11:36 . 2009-05-06 11:23 -------- d-----w- c:\progra~2\NortonInstaller
2009-05-06 11:24 . 2009-05-06 11:24 -------- d-----w- c:\progra~2\PCSettings
2009-05-06 11:23 . 2009-05-06 11:23 -------- d-----w- c:\program files\NortonInstaller
2009-04-23 12:43 . 2009-06-11 15:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 15:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 15:32 2033152 ----a-w- c:\windows\system32\win32k.sys
2007-11-28 20:14 . 2007-11-28 20:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-06-20 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2007-05-19 741376]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-04-29 669840]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{52F42859-1EFF-41A5-9846-85C969F40F44}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{41694962-D64E-45A1-A006-D6935581C70E}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A0A5E1B0-39CC-4FFD-AA2E-9E5789D063F8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9568066F-1D66-4CC8-A9C1-F39D914B53F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7338441C-2FE7-4FB9-BECC-106998BA3140}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B112CD49-39BC-42DF-898A-D871697ECE74}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9C29E05B-9C44-47E1-BBD6-EC0C8CFF2EF8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EFCDAF74-D546-4532-A496-B8E7E1526B69}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{23E7F02A-11DB-4CD5-86EA-56881DF06CD8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8468F287-3D50-4072-AC5D-5865036282F7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{12DC940B-6A2B-4FA1-A2FD-2D5F69B414AF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD8951A1-6C3E-4449-9494-4283D699F0FB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{34F8A27C-A519-410E-BC9C-A89E86C37A35}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3AC2BC38-DA54-4F5B-AA0D-78AC36BC37A4}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{52E7C7D5-3413-4D85-B54E-65F814B00407}"= TCP:5060:magicjack
"{8E663135-D563-4BB6-AFC0-CD34BAE86693}"= TCP:5070:magicjack
"{5A20EB60-CA6C-4B34-B237-0A8C22291C11}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6DEC3761-5AA8-4089-A1C0-7D49FD37EE3B}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{61AFD2C3-2DF4-42FE-A181-DA74EEE19CC2}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"{8D3DA220-4784-4F22-B45B-FF881C65E42E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{34D4C75C-D0F9-4819-8DFD-E4940C9BE268}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{15C2EC3D-6D42-4C8D-B530-67A9E69CBD3B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9080AA65-FC50-4DB1-9199-67F6FDA4C103}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AFB2EA8A-1F18-4683-9BDC-D49579F7FF35}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{108923F5-31FE-4CA0-BBFC-4B11CE1C223F}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{103E0106-26C1-48B9-9E38-76B27955515A}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{4464B2DD-000E-492E-88D9-D30C70BD71E6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [5/6/2009 7:36 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [5/6/2009 7:36 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [5/6/2009 7:36 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys [6/23/2009 8:52 PM 292912]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [11/28/2007 5:04 PM 198240]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [5/6/2009 7:36 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2009 7:43 AM 101936]
R3 HPPLSBULK;HPPLSBULK;c:\windows\System32\drivers\hpplsbulk.sys [2/2/2005 6:29 PM 9344]
R3 HSXHWBS3;HSXHWBS3;c:\windows\System32\drivers\HSXHWBS3.sys [8/18/2008 6:33 PM 206336]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [8/18/2008 6:33 PM 464384]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [5/6/2009 7:36 AM 39984]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [8/18/2008 6:33 PM 156928]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 PM 30312]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]

--- Other Services/Drivers In Memory ---

*Deregistered* - CO_Mon
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMREDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{F012DF4A-61F1-4868-881C-B0B00E2BB614}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-PWRISOVM - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: magicjack.com\my
Trusted Zone: safeguardproperties.com\inspi2
Trusted Zone: talk4free.com\reg
DPF: {434A2E00-1F9C-4DD6-ADE5-49923398FAB7} - hxxps://inspi2.safeguardproperties.com/inspi2/downloads/web/ProductChecker.cab
DPF: {756A8C37-B89C-4BB6-97AF-8BC982027DF1} - hxxps://inspi2.safeguardproperties.com/inspi2/downloads/web/imgsizer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 09:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-29 9:28
ComboFix-quarantined-files.txt 2009-06-29 13:28

Pre-Run: 182,559,117,312 bytes free
Post-Run: 182,543,237,120 bytes free

326 --- E O F --- 2009-06-27 10:32

Any help that you can give would be greatly appreciated. Thanks in advance.