Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SPAMMER:Win32/Cutwail.gen!D disabled my access to Microsoft Firew


  • This topic is locked This topic is locked

#1
geeksugarbaby

geeksugarbaby

    Member

  • Member
  • PipPipPip
  • 110 posts
() Be precise and informative about your problem. Describe any symptoms fully.

OK
Here goes:
Hi Geeks. Here's my issue.

-I have a Toshiba Satellite Laptop running Windows XP.

-I've used Microsoft Security Essentials for a few years now and have no issues.

-I logged in the other day and the little house icon was red with a white X in the middle. I clicked it to run a quick scan. It did not respond.

-I clicked to update and nothing. I noted no reference to viral infection so thinking that it was just time to update the entire software I went to MS and downloaded it again. At that point I could open it up. I performed a SCAN and noted the infection: SPAMMER:Win32/Cutwail.gen!D

As the program instructed, I clicked to restart my computer.

At shutdown, there was a file: skjhf9ewry30r33 that was holding up the shutdown. (I had never seen that before) I clicked to force the SHUTDOWN.

-Computer restarted and I checked but the little house icon was still RED. I repeated the whole process, SHUTDOWN, got the skjhf9ewry30r33 needing to be forcefully closed, etc. Same routine. Restarted and same red house icon.

-When I tried to turn on my REAL TIME PROTECTION from the MSEssentials Home Screen, this error code came up 0x800705b4

-When I clicked MSEssentials to UPDATE, it would not update. It gave me the error message...0x80070424
-I surfed online to find a fix for those but it got me nowhere, so I just decided to Uninstall MSEssentials and ReInstall.

-Once I uninstalled and downloaded the software again, during SETUP the INSTALL program told me the Settings for my Windows Firewall could not be accessed.

-Sure enough, I went there via Control Panel and found the same thing. I COULD NOT ACCESS Settings for the Firewall. I read online that a virus could cause problems like this, but the FIX involved messing with the Registry and since I wasn't comfy with that info I decided not to try it.

-Soooooooooo, that's the situation with MICROSOFT SECURITY ESSENTIALS and my MICROSOFT FIREWALL thru Control Panel.

-Just this evening I installed MalwareBytes and it found some nasty trojans. Removed them all. I then scanned with MSEssentials and it didn't find anything else, but it still wont UPDATE or GO LIVE with REAL TIME PROTECTION.

(+) Request for help: - I would like my MICROSOFT SECURITY ESSENTIALS to perform as it's intended and as it once did.
I would like to get REAL TIME Protection. I would like to UPDATE the virus files.
I would also like to have access to my MICROSOFT FIREWALL settings.
I would also like to know the optimum settings for: MICROSOFT FIREWALL; Microsoft ESESSENTIALS;& MALWAREBYTES.

(-) If known, it would be helpful to know how the infection was acquired -- Well, I have no idea where I got this. I had not downloaded anything so it must've been a website?

Thanks in advance for your time and assistance.

(( OTL file is attached ))

Attached Files

  • Attached File  OTL.Txt   65.86KB   108 downloads

  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Hello Gringo!

Thanks for assisting me.

I had apparently already clicked the WATCH button as it now only gives me the option to stop watching.

I have made the downloads and will go through the steps and reply shortly.
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
No problem I will be around a couple more hours tonight


Gringo
  • 0

#5
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
OK.

I did as you asked.

I am typing this on my desktop

My sick computer is my laptop.

I ran all three programs as directed.

prior to running ROGUEKILLER I disconnected my:

+ USB MOUSE

+ NETGEAR internet card from it's slot



The report was generated as stated.

However, though plugging both these PERIPHERALS BACK IN, neither of them work.

I rebooted.

Now I have regained my access to the internet thru the NETGEAR card, but my optical mouse (USB) does not work.

I decided to change USB ports. it works on either of the other 2, but DOES NOT WORK in the 3rd one that it used to be plugged into.

(((((((((((Can you assist me with turning this USB PORT back on?? ))))))))



I have uploaded the files that you asked for.


One thing though--
I failed to drag the DEFOGGER txt file from the Defogger window to my desktop when it first popped up.
I didn't remember this step until AFTER the reboot when it dawned on me that it had now gone POOF!!
So, I re-ran DEFOGGER to create a file and that is the one I attached.

Just as info, DEFOGGER did not ask me to reboot my machine.

Ball's in your court....

I trust I did this all properly

:-)

Attached Files


  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello geeksugarbaby

That is strange about the USB port - I have not heard of that yet - I will look into that and let me know if it auto corrects itself

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Ok

I have printed out these instructions...

Just wanted to mention...

after I went through your PHASE 1 instrux and rebooted, MSOFT ESSENTIALS is now green with a white check mark...

It still won't UPDATE.

When I click on QUARANTINED AND ALLOWED ITEMS, BOTH ARE BLANK.. BUT WHEN I CLICK ON DETECTED ITEMS... IT SAYS
TROJAN:WIN32/sirefef!cfg
===================================================================

It says:

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\@

Get more information about this item online.

========================================================================

do I even bother to CLICK TO REMOVE... or do I just ignore this

and continue with your instrux once I Disable Security Essentials and Disable Malwarebytes???



Thanks Senor Gringo!
  • 0

#8
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Re: Turning off Virus, Malware and FireWall Protection


I turned off REAL TIME Protection in Micosoft Security Essentials

I went into Malwarebytes but it doesn't offer real time protection.. I see no way to turn it OFF

When I gotinto my /Windows Security Center on Control Panel, Windows Firewall tells me: DUE TO AN UNIDENTIFIED PROBLEM, WINDOWS CANNOT DISPLAY FIREWALL SETTINGS

Does this mean's it's already "OFF"???
  • 0

#9
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
I only have a FREE version of Malwarebytes, so it does not open or run with STARTUP.... so I'm okay there.
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
what I need you to do is run combofix for me and send me the report


gringo
  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#12
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
I was called away.. but I am back tonight.. hoping to get this all wrapped up!!

OK I will ignore the other matters I wrote about and send you the combofix report shortly...
  • 0

#13
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
ComboFix Log is herewith attached.

What do I do now?

Try to reactivate my Virus protection and Malware?

Please advise at your earliest convenience

ComboFix 12-10-10.02 - CRC 10/15/2012 21:51:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.578 [GMT -4:00]
Running from: c:\documents and settings\CRC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\CRC\GoToAssistDownloadHelper.exe
c:\documents and settings\CRC\salfutrocuqt.exe
c:\documents and settings\CRC\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET66.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 01:41 . 2012-09-19 04:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D5F8373-67CD-49CC-A4DB-97B005838CAA}\mpengine.dll
2012-10-09 00:55 . 2012-10-09 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-09 00:55 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 04:07 . 2012-09-19 04:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-06 00:48 . 2012-10-06 00:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-10-06 00:47 . 2012-10-06 00:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-05 20:05 . 2012-10-05 20:05 59776 ----a-w- c:\windows\system32\drivers\c5f9d43c205aa79d.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-06-14 22:20 . 2012-07-06 01:03 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\windows\inf\WG511v2\snetcfg .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-29 198160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\CRC\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EasyNotes.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EasyNotes.lnk
backup=c:\windows\pss\EasyNotes.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG511v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG511v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG511v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Weekly Compass.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Weekly Compass.lnk
backup=c:\windows\pss\Weekly Compass.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-04-12 23:17 88358 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-11 17:00 339968 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-03-31 13:30 1106944 ----a-w- c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 13:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
2007-03-06 17:21 116224 -c--a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-09-22 20:41 122368 -c--a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-04-12 23:18 184320 -c--a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
c:\program files\McAfee.com\Agent\mcagent.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
2006-05-04 23:59 40960 -c--a-w- c:\program files\Notebook Maximizer\maximizer_startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-05-23 14:40 95800 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-09-07 21:03 1077301 -c--a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-03-22 13:39 167936 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2005-03-18 00:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 15:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-11-27 04:31 160592 -c--a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-15 23:51 122880 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
2004-07-19 19:12 3018752 ----a-w- c:\program files\StorageSync\StrgSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-21 17:50 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-21 17:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-10-14 22:26 688218 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-10-14 22:28 98394 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2005-04-25 16:15 339968 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-29 17:50 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 07:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2004-12-28 23:02 270336 ----a-w- c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-04-05 23:25 73728 -c--a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMT0070]
c:\program files\McAfee.com\Agent\mcagent.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TAPPSRV"=2 (0x2)
"ose"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"ACS"=2 (0x2)
"Swupdtmr"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"MDM"=2 (0x2)
.
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/5/2012 9:03 PM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo....src=ym&.intl=us
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Identities Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm Options - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Safenotes Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: $talisma_url$
Trusted Zone: fancast.com\www
Trusted Zone: perfectcustomers.com\www
Trusted Zone: swinglifestyle.com\www
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CRC\Application Data\Mozilla\Firefox\Profiles\hp031pco.default\
FF - prefs.js: browser.startup.homepage - hxxp://horoscopes.astrology.com/dailylongsagittarius.html
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Notebook_Maximizer - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-15 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-10-15 22:01:17
ComboFix-quarantined-files.txt 2012-10-16 02:01
ComboFix2.txt 2009-09-21 16:37
.
Pre-Run: 12,497,293,312 bytes free
Post-Run: 13,059,985,408 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 55586F09E2C06649999292ACD21CB535

Attached Files

  • Attached File  log.txt   15.9KB   36 downloads

  • 0

#14
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
1) Still cannot UPDATE SEcurity Essentials. I get the same error message


2) Still cannot access Windows Firewall.. I get the same error message.

3) And still down one USB port.


This is my current status. Everything else seems to be working fine.
  • 0

#15
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
I will check back Tuesday morning to see if you've responded.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP