Spyware Antivirus Pro 2010 affected my computer

#1
Kayal

Hello,
I was going through your website and found that many people had the same spyware problem, exactly like mine, and with your assistance they were able to get rid of the problem.

The problem is as follows:
I noticed I had the antivirusPro_2010 malware showing up on my computer. At the same time I noticed that when using Internet Explorer the search engines would redirect me to random sites on any link I clicked on. I have Norton Antivirus on my system but it was not of much help. It detected a few viruses and trojans and resolved the problem, or so it stated, but every now and then my system was popping up with a red circle with a white cross sign at the right end corner of the taskbar, and then the fake "Antivirus Pro 2010" starts scanning and I had to abruptly turn off my computer.

The next thing I did was boot in safe mode and delete the Antivirus Pro 2010 file from my system and the registry, but still it's of no use. It's coming back again and again.

Finally I installed Malwarebytes, but I am unable to run it due to getting the following error when clicking on it: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". SDFix is also not working.

I am totally lost and not sure what to do next. Since I have gone through your website I am very hopeful. I don't want to reformat the system.
Please, I need some help. I can't even turn my system on, as I feel the spyware along with other viruses is corrupting all my files.

Waiting for your suggestions, and thanks in advance.

#2
Kayal

Hi,
I followed a few steps from one of the previously solved Antivirus Pro 2010 topics, and the txt files are as follows:

exehelperlog.txt

exeHelper by Raktor - 09
Build 20090925
Run at 21:54:08 on 10/02/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\AVR09.exe
Deleting file C:\WINDOWS\system32\winupdate.exe
Deleting file C:\WINDOWS\system32\41.exe
Deleting file C:\WINDOWS\system32\winhelper.dll
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


DDS.txt


DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Administrator at 21:59:27.67 on Fri 10/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3286 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.live.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,[email protected]
mRun: [rumemajow] Rundll32.exe "c:\windows\system32\metunale.dll",a
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.anandabazar.com/wfplayer/tdserver.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.18/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.12/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
AppInit_DLLs: c:\windows\system32\metunale.dll,hosemuvu.dll
SSODL: bomudivib - {9f16edce-0065-4c1e-b627-bb70b73a3305} - c:\windows\system32\metunale.dll
STS: jugezatag: {9f16edce-0065-4c1e-b627-bb70b73a3305} - c:\windows\system32\metunale.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli gujofija.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-8 310320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-4 244368]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-8 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-8 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-16 329080]
S2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-6 443168]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-8 117640]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-3-1 77824]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-4 112512]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-4 32808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091002.003\NAVENG.SYS [2009-10-2 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091002.003\NAVEX15.SYS [2009-10-2 1323568]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-6-4 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-6-4 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-6-4 280096]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-6-3 232744]

=============== Created Last 30 ================

2009-10-02 21:36 56,320 ac------ c:\windows\system32\dllcache\eventlog.dll
2009-10-02 21:36 56,320 a------- c:\windows\system32\eventlog.dll
2009-10-02 18:27 <DIR> --d----- c:\program files\winlog
2009-10-01 23:55 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-01 22:18 <DIR> --d-h--- c:\windows\PIF
2009-10-01 21:36 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-01 21:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-01 20:42 19,882 a------- c:\windows\otacu.dll
2009-10-01 20:42 17,397 a------- c:\docume~1\alluse~1\applic~1\wemixewili.bat
2009-10-01 20:42 16,916 a------- c:\windows\azoryfepah._dl
2009-10-01 20:42 16,482 a------- c:\windows\owoqy._sy
2009-10-01 20:42 15,241 a------- c:\program files\common files\muki.dll
2009-10-01 20:42 15,039 a------- c:\program files\common files\ocedyfobi.com
2009-10-01 20:42 14,212 a------- c:\windows\gohafev.exe
2009-10-01 20:42 13,640 a------- c:\windows\zetysopac.reg
2009-10-01 20:42 13,065 a------- c:\windows\zigyjy.sys
2009-10-01 20:42 12,371 a------- c:\windows\nufid._sy
2009-10-01 20:42 12,056 a------- c:\windows\system32\riha.sys
2009-10-01 20:42 11,027 a------- c:\windows\parutovaw.pif
2009-10-01 20:42 10,529 a------- c:\program files\common files\yfuqijicy.bin
2009-10-01 20:42 10,007 a------- c:\windows\yxikere.bat
2009-10-01 20:23 <DIR> --d----- c:\windows\ERUNT
2009-10-01 20:16 <DIR> --d----- C:\SDFix
2009-10-01 12:46 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-10-01 12:30 19,718 a------- c:\docume~1\alluse~1\applic~1\agyfi.sys
2009-10-01 12:30 19,577 a------- c:\windows\ucepasy.scr
2009-10-01 12:30 18,884 a------- c:\program files\common files\wiko.scr
2009-10-01 12:30 17,733 a------- c:\windows\ulin._dl
2009-10-01 12:30 16,756 a------- c:\windows\ydosicok.sys
2009-10-01 12:30 15,850 a------- c:\program files\common files\oleh.bat
2009-10-01 12:30 14,886 a------- c:\program files\common files\ypip.reg
2009-10-01 12:30 14,038 a------- c:\windows\system32\jinuwif.vbs
2009-10-01 12:30 11,788 a------- c:\windows\fywylyvy.sys
2009-10-01 12:30 11,243 a------- c:\windows\puqem.sys
2009-10-01 12:30 10,934 a------- c:\windows\irufejak.bin
2009-10-01 10:34 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-01 08:48 <DIR> --d--r-- c:\program files\Norton Support
2009-10-01 08:45 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2009-10-01 08:41 19,967 a------- c:\windows\igikenuf.exe
2009-10-01 08:41 19,899 a------- c:\program files\common files\ewyjisuw.vbs
2009-10-01 08:41 19,068 a------- c:\windows\jygogi.inf
2009-10-01 08:41 18,493 a------- c:\windows\feviw.ban
2009-10-01 08:41 18,400 a------- c:\windows\oqugom.scr
2009-10-01 08:41 18,238 a------- c:\docume~1\alluse~1\applic~1\nerupo.com
2009-10-01 08:41 17,782 a------- c:\windows\system32\uvonaba.vbs
2009-10-01 08:41 17,189 a------- c:\windows\system32\zexo.dat
2009-10-01 08:41 13,165 a------- c:\windows\system32\ixarimyt.sys
2009-10-01 08:41 11,900 a------- c:\windows\system32\zehire.reg
2009-10-01 08:41 10,080 a------- c:\windows\fepytely.db
2009-10-01 08:41 19,969 a------- c:\windows\ceniligamu.sys
2009-10-01 08:41 15,494 a------- c:\windows\system32\riqinonaj.vbs
2009-10-01 08:40 167,424 a------- c:\windows\system32\_scui.cpl
2009-10-01 08:32 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-10-01 07:54 458,752 a------- c:\windows\system32\pump.exe
2009-10-01 07:54 87 a------- c:\windows\system32\wwp.htm
2009-10-01 07:52 0 a------- c:\windows\win32k.sys
2009-10-01 07:51 25,088 a--sh--- c:\windows\system32\calc.dll
2009-10-01 07:51 20,992 a------- c:\windows\system32\gasfkyofheqftq.dll
2009-10-01 07:50 85 a------- c:\windows\system32\gasfkycxeaopej.dat
2009-10-01 07:50 45,056 a------- c:\windows\system32\gasfkylsvngyuj.dll
2009-10-01 07:50 72,704 a------- c:\windows\system32\drivers\gasfkyhdkfnwnq.sys
2009-09-29 09:06 <DIR> --d----- C:\Manisha
2009-09-09 07:49 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-10-02 10:32 51,200 a--sh--- c:\windows\system32\bokuwavi.dll
2009-10-02 10:32 194,056 a--sh--- c:\windows\system32\mehoheri.exe
2009-10-02 10:32 91,136 a--sh--- c:\windows\system32\turepare.dll
2009-10-02 10:32 39,424 a--sh--- c:\windows\system32\tejonubo.dll
2009-10-01 21:03 50,688 a--sh--- c:\windows\system32\pulobuha.dll
2009-10-01 21:02 1,048,100 a--sh--- c:\windows\system32\sosarure.exe
2009-10-01 21:02 91,136 a--sh--- c:\windows\system32\metunale.dll
2009-10-01 21:02 39,424 a--sh--- c:\windows\system32\musesiwo.dll
2009-10-01 20:42 17,461 a------- c:\program files\common files\huracubiho._sy
2009-10-01 15:04 81,629 a------- c:\windows\system32\nvModes.dat
2009-10-01 09:02 91,136 a--sh--- c:\windows\system32\pujojiwu.dll
2009-10-01 09:02 39,424 a--sh--- c:\windows\system32\boserote.dll
2009-10-01 09:02 28,160 a--sh--- c:\windows\system32\wukoraga.dll
2009-10-01 09:02 1,047,588 a--sh--- c:\windows\system32\bikurifo.exe
2009-10-01 09:02 47,104 a--sh--- c:\windows\system32\nayazika.exe
2009-10-01 08:41 18,770 a------- c:\program files\common files\remulige.lib
2009-10-01 08:41 12,526 a------- c:\program files\common files\jyxuju.ban
2009-09-10 18:35 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-10 18:35 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-10 18:35 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-10 18:35 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-22 03:21 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-28 16:47 100,950 a------- c:\windows\jgzr.dat
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll

============= FINISH: 21:59:36.98 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/10/2009 5:34:39 PM
System Uptime: 10/2/2009 9:37:19 PM (0 hours ago)

Motherboard: Dell Inc. | | 0G868N
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2394/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 217.624 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
All Day Battery Life Configuration
BioAPI Framework
biolsp patch
Broadcom USH Host Components
Choice Guard
Conexant HDA D330 MDC V.92 Modem
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Integrated Webcam Driver (1.06.03.0309)
Intel PROSet Wireless
Intel® Network Connections 13.0.42.0
Intel® PRO Alerting Agent
Intel® PROSet/Wireless WiFi API
Intel® PROSet/Wireless WiFi Driver
Intel® Matrix Storage Manager
Java™ 6 Update 11
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Live Add-in 1.3
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
Norton Internet Security
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Settings
PowerDVD DX
Preboot Manager
Private Information Manager
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Secure Update
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Wizards
Segoe UI
SO32MMWrapper
SofTest Bar Edition
Sonic CinePlayer Decoder Pack
SRS Premium Sound
Trusted Drive Manager
tsp patch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VLC media player 1.0.1
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Presentation Foundation
Windows Search 4.0
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/2/2009 5:34:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/2/2009 12:59:31 PM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
10/2/2009 12:59:21 PM, error: Service Control Manager [7034] - The Smith Micro Connection Manager Service service terminated unexpectedly. It has done this 1 time(s).
10/2/2009 12:58:57 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/2/2009 12:32:40 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
10/2/2009 12:18:49 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/2/2009 11:15:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/2/2009 10:32:03 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\tejonubo.dll. Reference error message: The operation completed successfully. .
10/2/2009 10:32:03 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\tejonubo.dll" on line 6.
10/1/2009 9:31:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm SRTSPX SYMTDI
10/1/2009 9:02:45 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wukoraga.dll. Reference error message: The operation completed successfully. .
10/1/2009 9:02:45 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\wukoraga.dll" on line 6.
10/1/2009 5:09:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm SRTSP SRTSPX SYMTDI
10/1/2009 5:00:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/1/2009 4:50:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/1/2009 4:50:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/1/2009 4:34:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip
10/1/2009 4:34:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2009 4:34:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2009 4:34:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2009 4:34:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2009 4:21:23 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/1/2009 12:59:02 PM, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2009 12:52:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/1/2009 10:41:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip
10/1/2009 1:07:48 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

==== End Of File ===========================


RootRepeal.txt

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/02 22:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xBA3DB000 Size: 897024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA2A5000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7431000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\PIF\PIF
Status: Locked to the Windows API!

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Ajay\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB968537\KB968537
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\classes\classes
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d1\d1
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d2\d2
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d3\d3
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d4\d4
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d5\d5
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d6\d6
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d7\d7
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d8\d8
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch
Status: Locked to the Windows API!

Path: C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Gemalto\Gemalto
Status: Locked to the Windows API!

Path: C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager
Status: Locked to the Windows API!

Path: C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Trusted Drive Manager\Trusted Drive Manager
Status: Locked to the Windows API!

Path: C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch
Status: Locked to the Windows API!

Path: C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\News\News
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP201.tmp\ZAP201.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28E.tmp\ZAP28E.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A.tmp\ZAP2A.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.111.gthr
Status: Allocation size mismatch (API: 90112, Raw: 86016)

==EOF==



Please, if anyone can guide me with what can be done next, I will really appreciate that.

Thanks

#3 Kayal (Topic Starter)
Hi,
The next step that I followed was downloading Win32kDiag.exe,
and now I am sending the Win32kDiag.txt.


Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP201.tmp\ZAP201.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28E.tmp\ZAP28E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A.tmp\ZAP2A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Gemalto\Gemalto

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Trusted Drive Manager\Trusted Drive Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Temp

Mount point destination : \Device\__max++>\^



Finished!


Now I am not sure if I should follow the next step of executing fix.bat or not.
Can anyone help me to proceed, please?

#4 Kayal (Topic Starter)
Hello,
I followed the next step of creating the batch file and executed it, and then downloaded combofix.exe and executed this too. It asked me to disable the Norton Internet Security system, but I could not do it because I am installing everything in safe mode, where the full Norton Internet Security system is not activated. Anyways, ComboFix ran and after rebooting it loaded the combofix.txt.

The combofix.txt is as follows:-

ComboFix 09-10-01.05 - Administrator 10/02/2009 23:28.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3186 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ajay\Application Data\amehi.com
c:\documents and settings\Ajay\Application Data\ehomody.dll
c:\documents and settings\Ajay\Application Data\ipikasyz.com
c:\documents and settings\Ajay\Application Data\ipizonoli.inf
c:\documents and settings\Ajay\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Ajay\Application Data\qedo.com
c:\documents and settings\Ajay\Application Data\selydygyh.scr
c:\documents and settings\Ajay\Application Data\tutoxepe.dl
c:\documents and settings\Ajay\Application Data\uhobybocu.pif
c:\documents and settings\Ajay\Application Data\uvuqefoxop.lib
c:\documents and settings\Ajay\Local Settings\Application Data\ifitodaqer.pif
c:\documents and settings\Ajay\Local Settings\Application Data\opaqehihi.scr
c:\documents and settings\Ajay\Local Settings\Application Data\yhoz.dll
c:\documents and settings\Ajay\Local Settings\Application Data\yryqasyfug.sys
c:\documents and settings\All Users\Application Data\agyfi.sys
c:\documents and settings\All Users\Application Data\nerupo.com
c:\documents and settings\All Users\Application Data\wemixewili.bat
c:\documents and settings\All Users\Documents\agoxi.inf
c:\documents and settings\All Users\Documents\asuz.ban
c:\documents and settings\All Users\Documents\lahi.com
c:\documents and settings\All Users\Documents\maxo.com
c:\documents and settings\All Users\Documents\ofala._dl
c:\documents and settings\All Users\Documents\puquqi.sys
c:\documents and settings\All Users\Documents\qivopydaly.scr
c:\documents and settings\All Users\Documents\zelefyxo.dll
c:\program files\Common Files\ewyjisuw.vbs
c:\program files\Common Files\jyxuju.ban
c:\program files\Common Files\muki.dll
c:\program files\Common Files\ocedyfobi.com
c:\program files\Common Files\oleh.bat
c:\program files\Common Files\wiko.scr
c:\program files\Common Files\yfuqijicy.bin
c:\program files\Common Files\ypip.reg
c:\windows\azoryfepah._dl
c:\windows\ceniligamu.sys
c:\windows\feviw.ban
c:\windows\fywylyvy.sys
c:\windows\gohafev.exe
c:\windows\igikenuf.exe
c:\windows\irufejak.bin
c:\windows\jygogi.inf
c:\windows\oqugom.scr
c:\windows\otacu.dll
c:\windows\parutovaw.pif
c:\windows\puqem.sys
c:\windows\system32\_scui.cpl
c:\windows\system32\bikurifo.exe
c:\windows\system32\boserote.dll
c:\windows\system32\drivers\gasfkyhdkfnwnq.sys
c:\windows\system32\dunuwopo.dll
c:\windows\system32\gasfkycxeaopej.dat
c:\windows\system32\gasfkylsvngyuj.dll
c:\windows\system32\gasfkyofheqftq.dll
c:\windows\system32\gavapufa.dll
c:\windows\system32\ginekufu.dll
c:\windows\system32\ixarimyt.sys
c:\windows\system32\jinuwif.vbs
c:\windows\system32\juwufajo.dll.tmp
c:\windows\system32\lisuhufu.dll.tmp
c:\windows\system32\lutovute.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\mehoheri.exe
c:\windows\system32\musesiwo.dll
c:\windows\system32\nayazika.exe
c:\windows\system32\ninoleli.dll.tmp
c:\windows\system32\riha.sys
c:\windows\system32\riqinonaj.vbs
c:\windows\system32\sehaniju.dll
c:\windows\system32\sosarure.exe
c:\windows\system32\suwumuwo.dll
c:\windows\system32\tejonubo.dll
c:\windows\system32\uvonaba.vbs
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wukoraga.dll
c:\windows\system32\zehire.reg
c:\windows\ucepasy.scr
c:\windows\ulin._dl
c:\windows\ydosicok.sys
c:\windows\yxikere.bat
c:\windows\zetysopac.reg
c:\windows\zigyjy.sys

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 01:36 . 2008-04-14 12:00 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-10-02 22:27 . 2009-10-02 22:30 -------- d-----w- c:\program files\winlog
2009-10-02 16:39 . 2009-10-02 16:39 -------- d-----w- c:\documents and settings\Ajay\Application Data\Malwarebytes
2009-10-02 03:55 . 2009-10-02 03:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 02:18 . 2009-10-02 02:19 -------- d--h--w- c:\windows\PIF
2009-10-02 01:36 . 2009-10-02 01:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-02 01:36 . 2009-10-02 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 00:23 . 2009-10-02 00:23 -------- d-----w- c:\windows\ERUNT
2009-10-02 00:16 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-10-01 14:42 . 2009-06-04 01:36 -------- d-----w- c:\documents and settings\Manisha\Application Data\Wave Systems Corp
2009-10-01 14:40 . 2009-10-01 14:40 -------- d-----w- c:\documents and settings\Ajay\Local Settings\Application Data\Symantec
2009-10-01 14:34 . 2009-10-01 14:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-01 12:48 . 2009-10-01 12:48 -------- d-----r- c:\program files\Norton Support
2009-10-01 12:45 . 2009-10-01 12:45 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-01 12:45 . 2009-10-01 12:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-10-01 12:41 . 2009-10-01 12:41 17189 ----a-w- c:\windows\system32\zexo.dat
2009-10-01 12:39 . 2009-10-01 12:39 25088 --sha-w- c:\documents and settings\LocalService\ntuser.dll
2009-10-01 12:32 . 2009-10-01 12:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-01 11:54 . 2009-10-01 11:54 458752 ----a-w- c:\windows\system32\pump.exe
2009-10-01 11:52 . 2009-10-02 22:30 0 ----a-w- c:\windows\win32k.sys
2009-10-01 11:51 . 2009-10-01 11:54 25088 --sha-w- c:\windows\system32\calc.dll
2009-10-01 11:51 . 2009-10-01 11:51 25088 --sha-w- c:\documents and settings\Ajay\ntuser.dll
2009-10-01 11:50 . 2009-10-01 11:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-29 13:06 . 2009-09-29 13:06 -------- d-----w- C:\Manisha
2009-09-09 11:49 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 01:36 . 2009-06-10 21:35 0 ----a-w- c:\documents and settings\Ajay\Local Settings\Application Data\WavXMapDrive.bat
2009-10-02 14:32 . 2009-07-02 14:32 51200 --sha-w- c:\windows\system32\bokuwavi.dll
2009-10-02 14:32 . 2009-07-02 14:32 91136 --sha-w- c:\windows\system32\turepare.dll
2009-10-02 01:03 . 2009-07-02 01:02 50688 --sha-w- c:\windows\system32\pulobuha.dll
2009-10-02 00:42 . 2009-10-02 00:42 17461 ----a-w- c:\program files\Common Files\huracubiho._sy
2009-10-01 19:04 . 2009-06-04 01:12 81629 ----a-w- c:\windows\system32\nvModes.dat
2009-10-01 19:03 . 2009-10-01 14:42 0 ----a-w- c:\documents and settings\Manisha\Local Settings\Application Data\WavXMapDrive.bat
2009-10-01 16:46 . 2009-10-01 16:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-10-01 13:02 . 2009-07-01 13:02 91136 --sha-w- c:\windows\system32\pujojiwu.dll
2009-10-01 12:41 . 2009-10-01 12:41 18770 ----a-w- c:\program files\Common Files\remulige.lib
2009-10-01 12:41 . 2009-10-01 12:41 11892 ----a-w- c:\documents and settings\Ajay\Application Data\gigyha.dat
2009-10-01 12:41 . 2009-10-01 12:41 10299 ----a-w- c:\documents and settings\Ajay\Application Data\hetujadyw.dat
2009-09-14 03:35 . 2009-08-08 03:43 -------- d-----w- c:\documents and settings\Ajay\Application Data\vlc
2009-09-10 22:35 . 2009-06-10 21:39 -------- d-----w- c:\program files\Symantec
2009-09-10 22:35 . 2009-06-10 21:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-10 22:35 . 2009-06-10 21:39 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-10 22:35 . 2009-06-10 21:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-10 22:35 . 2009-06-10 21:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-10 12:57 . 2009-06-04 01:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 04:43 . 2009-06-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Examsoft
2009-08-30 00:43 . 2009-06-10 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-22 07:21 . 2009-06-10 21:39 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-21 11:34 . 2009-06-04 01:26 20648 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 11:22 . 2009-06-04 01:36 20648 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 12:00 . 2009-08-12 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-12 12:00 . 2009-08-12 12:00 -------- d-----w- c:\documents and settings\Ajay\Application Data\CyberLink
2009-08-08 14:26 . 2009-06-04 01:32 -------- d-----w- c:\program files\Microsoft
2009-08-08 14:26 . 2009-06-04 01:32 -------- d-----w- c:\program files\Windows Live
2009-08-08 03:42 . 2009-08-08 03:42 -------- d-----w- c:\program files\VideoLAN
2009-08-05 09:01 . 2008-04-25 16:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:03 . 2009-08-05 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-05 03:01 . 2009-08-05 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-05 03:01 . 2009-08-05 02:59 -------- d-----w- c:\program files\Yahoo!
2009-08-05 03:00 . 2009-08-05 03:00 -------- d-----w- c:\documents and settings\Ajay\Application Data\Yahoo!
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-28 20:47 . 2009-06-11 00:12 100950 ----a-w- c:\windows\jgzr.dat
2009-07-17 19:01 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2008-04-25 16:16 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"calc"="c:\windows\system32\calc.dll" [2009-10-01 25088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-08-28 90112]

c:\documents and settings\Ajay\Start Menu\Programs\Startup\
scandisk.dll [2009-10-1 25088]
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-25 33280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-6-10 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-3 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [9/8/2009 6:04 PM 310320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/4/2009 12:05 AM 244368]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 6:04 PM 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [9/8/2009 6:04 PM 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/16/2009 5:52 PM 329080]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/8/2009 6:04 PM 117640]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/4/2009 12:05 AM 112512]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/4/2009 12:05 AM 32808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 4:00 AM 102448]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/4/2009 12:05 AM 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/4/2009 12:05 AM 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/4/2009 12:05 AM 280096]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/3/2009 9:29 PM 232744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.18/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{31379e36-bdca-4833-9762-245844c20d72} - ginekufu.dll
HKLM-Run-rumemajow - c:\windows\system32\lutovute.dll
HKLM-Run-dafotojazu - sehaniju.dll
SharedTaskScheduler-{f7d2201e-8ba2-487a-ae11-0a2e14206a3f} - c:\windows\system32\lutovute.dll
SSODL-rayulekag-{f7d2201e-8ba2-487a-ae11-0a2e14206a3f} - c:\windows\system32\lutovute.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 23:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1298724602-3524121627-213368549-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,42,36,81,f7,f5,4c,46,8a,be,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,42,36,81,f7,f5,4c,46,8a,be,da,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\system32\NetProvCredMan.dll

- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2009-10-03 23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 03:36

Pre-Run: 233,593,384,960 bytes free
Post-Run: 233,497,063,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

350 --- E O F --- 2009-09-10 12:21