Topic: [InActive K] @#$#@%%$&@##$ Windows safety checkpoint

Offline zrag

  • Bronze Member
  • Posts: 5
« on: May 04, 2012, 01:07:38 AM »
I've got Windows Safety Checkpoint blocking my access to the net and popping up all over the place. Apparently it is well hidden because I've tried the suggestions that I've found on the net to remove it and they don't work.
I've included the two logs that are requested below.
Thanks,
Gar
« Last Edit: May 15, 2012, 02:06:23 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
« Reply #1 on: May 04, 2012, 01:39:42 AM »
Hiya zrag,

Welcome to SpywareHammer. For security reasons we do not open any attachments in your thread unless we have specifically asked for them.
Please copy and paste the two DDS logs into your reply.

Thank you,

Kevinf80...

Offline zrag

  • Bronze Member
  • Posts: 5
« Reply #2 on: May 04, 2012, 02:42:47 AM »
I'm getting the message below when I paste the two DDS logs into my reply, what do you want me to do now?
Thanks,
Gar (Dad)
The message exceeds the maximum allowed length (50000 characters).

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
« Reply #3 on: May 04, 2012, 04:22:37 AM »
Hiya Gar,

Thank you for the update, I've merged your two replies. Please do not start new threads; just reply to this one. OK, if the logs exceed forum character limits, zip them and attach as you did previously. Someone will respond when available...

Thank you for your understanding,

Kevin

Offline zrag

  • Bronze Member
  • Posts: 5
« Reply #4 on: May 04, 2012, 12:50:26 PM »
OK, as per the original instructions that were posted, I've included the DDS text document that will fit in the message window and have attached the larger log zipped.
Thanks for putting up with me.
Gar (Dad)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dad at 23:37:13 on 2012-05-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1357 [GMT -7:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Documents and Settings\Dad\Application Data\Protector-dhvk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://search.blekko.com/ws/?source=12fe24cf&toolbarid=searchcom_004&u=20120501C3284D25809A6C56D014DF6D&tbp=homepage
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearchAssistant =
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {25f91356-743d-4a72-85bf-c49033ffa72b} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6E13D095-45C3-4271-9475-F3B48227DD9F} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DE40473-AE15-3E0A-8D57-BC7CECC9F62A} - No File
BHO: {95525BD9-6136-4A26-8263-9CEE295D442D} - No File
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /M "Stylus CX3800" /EF "HKCU"
uRun: [cdloader] "c:\documents and settings\dad\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Inspector] c:\documents and settings\dad\application data\Protector-dhvk.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/dcode/ActiveX/MSDcode.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{1DA1F8BB-1C47-43BD-BCF1-2B7B87BB6D96} : DhcpNameServer = 192.168.0.1 192.168.0.1
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-3-29 16024]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-2-13 913752]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-2-9 31408]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-3-29 224920]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2009-8-14 148096]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2009-8-14 545984]
S1 MpKsl12a46058;MpKsl12a46058;

S1 MpKsl12ec0305;MpKsl12ec0305;

S1 MpKsl2128245f;MpKsl2128245f;

S1 MpKsl9dc93b03;MpKsl9dc93b03;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64d0e9df-c8e3-44df-9caa-6286b0e221f8}\MpKsl9dc93b03.sys [2012-5-1 28752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-28 136176]
S2 mrtRate;mrtRate;

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 253088]
S3 ampa;ampa;c:\windows\system32\ampa.sys [2012-4-3 10936]
S3 cpuz132;cpuz132;

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-2-17 13192]
S3 esgiguard;esgiguard;

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-2-17 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-28 136176]
S3 JoinMEPlayUI Assistant Service;JoinMEPlayUI Assistant Service;c:\program files\joinme drivers\JoinMEPlayAssistantServices.exe [2012-2-15 242176]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-2-15 9728]
S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2009-8-14 19232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2012-2-15 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2012-2-15 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [2012-2-15 106752]
.
=============== Created Last 30 ================
.
2012-05-04 06:32:20   --------   d-----w-   c:\documents and settings\dad\local settings\application data\visi_coupon
2012-05-02 08:43:14   --------   d-----w-   c:\program files\common files\PC Tools
2012-05-02 08:43:14   --------   d-----w-   c:\documents and settings\all users\application data\PC Tools
2012-05-02 08:43:09   --------   d-----w-   c:\documents and settings\dad\application data\searchcom_001
2012-05-02 08:42:59   --------   d-----w-   c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-02 08:42:59   --------   d-----w-   c:\program files\Enigma Software Group
2012-05-02 08:42:57   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
2012-05-02 08:42:53   --------   d-----w-   c:\program files\common files\xing shared
2012-05-02 08:42:20   --------   d-----w-   c:\documents and settings\dad\local settings\application data\Apple
2012-05-02 06:57:00   185560   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
2012-05-02 06:56:59   --------   d-----w-   c:\program files\PC Tools
2012-05-01 17:25:09   28752   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64d0e9df-c8e3-44df-9caa-6286b0e221f8}\MpKsl9dc93b03.sys
2012-05-01 16:59:21   --------   d-----w-   c:\documents and settings\dad\application data\searchcom_003
2012-05-01 16:59:17   --------   d-----w-   c:\program files\searchcom_003
2012-05-01 16:59:08   --------   d-----w-   c:\documents and settings\dad\local settings\application data\searchcom_003
2012-05-01 16:39:06   --------   d-----w-   c:\documents and settings\dad\application data\searchcom_004
2012-05-01 10:01:23   6881616   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64d0e9df-c8e3-44df-9caa-6286b0e221f8}\mpengine.dll
2012-04-29 08:09:38   --------   d-----w-   C:\sh4ldr
2012-04-29 07:40:10   2091520   ----a-w-   c:\documents and settings\dad\application data\Protector-dhvk.exe
2012-04-29 07:11:34   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 07:11:34   418464   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-29 06:07:51   --------   d-----w-   c:\program files\SMPlayer
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-04-29 04:48:27   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
2012-04-29 04:46:25   --------   d-----w-   c:\documents and settings\dad\local settings\application data\Apple Computer
2012-04-29 04:28:47   --------   d-----w-   c:\documents and settings\dad\.smplayer
2012-04-12 09:58:37   177664   ----a-w-   c:\windows\system32\SET5BA.tmp
2012-04-12 09:58:37   148480   -c----w-   c:\windows\system32\dllcache\imagehlp.dll
2012-04-11 23:22:36   55296   ------w-   c:\windows\system32\SET619.tmp
2012-04-11 23:22:35   105984   ------w-   c:\windows\system32\SET617.tmp
2012-04-11 23:22:34   247808   ------w-   c:\program files\internet explorer\SET621.tmp
2012-04-11 23:22:34   184320   ------w-   c:\windows\system32\SET61E.tmp
2012-04-11 23:22:34   12800   ------w-   c:\program files\internet explorer\SET620.tmp
2012-04-11 23:22:33   25600   ------w-   c:\windows\system32\SET61B.tmp
2012-04-11 23:22:32   916992   ------w-   c:\windows\system32\SET615.tmp
2012-04-11 23:22:32   602112   ------w-   c:\windows\system32\SET61A.tmp
2012-04-11 23:22:31   2000384   ------w-   c:\windows\system32\SET61D.tmp
2012-04-11 23:22:31   1212416   ------w-   c:\windows\system32\SET616.tmp
2012-04-11 23:22:30   5978624   ------w-   c:\windows\system32\SET618.tmp
2012-04-11 09:11:46   73728   ----a-w-   c:\windows\system32\zlib1.dll
2012-04-11 09:11:46   196608   ----a-w-   c:\windows\system32\EasySoap.dll
2012-04-11 09:11:46   147456   ----a-w-   c:\windows\system32\libexpat.dll
2012-04-11 09:11:45   --------   d-----w-   c:\program files\Etresoft Decoder 4.0
2012-04-11 08:55:56   --------   d-----w-   c:\documents and settings\dad\application data\DriverCure
2012-04-11 08:55:55   --------   d-----w-   c:\documents and settings\dad\application data\SpeedyPC Software
2012-04-11 08:55:37   --------   d-----w-   c:\documents and settings\all users\application data\SpeedyPC Software
2012-04-09 07:17:01   --------   d-----w-   c:\documents and settings\dad\application data\FrmMain
2012-04-09 07:15:18   --------   d-----w-   c:\documents and settings\dad\application data\EmailNotifier
2012-04-09 07:15:16   --------   d-----w-   c:\documents and settings\dad\application data\searchcom_002
2012-04-09 07:14:13   96   ------w-   c:\windows\WSYS049.SYS
2012-04-09 07:13:58   --------   d-----w-   c:\documents and settings\dad\application data\PhotoposComtb
2012-04-09 07:13:58   --------   d-----w-   c:\documents and settings\all users\application data\EmailNotifier
2012-04-09 07:13:57   --------   d-----w-   c:\documents and settings\dad\application data\Photopos
2012-04-09 07:13:47   119777   ----a-w-   c:\windows\Pos Panorama Pro Uninstaller.exe
2012-04-09 07:13:45   --------   d-----w-   c:\program files\Pos Panorama Pro
2012-04-09 07:06:33   --------   d-----w-   c:\documents and settings\all users\application data\blekko toolbars
2012-04-09 07:06:12   --------   d-----w-   c:\documents and settings\dad\local settings\application data\searchcom_004
2012-04-09 03:44:54   22   ----a-w-   c:\windows\system32\syoepk_lib0.dll
2012-04-09 03:41:34   --------   d-----w-   c:\documents and settings\dad\application data\photopostb
2012-04-09 03:41:11   204005   ----a-w-   c:\windows\Photo Pos Pro Uninstaller.exe
2012-04-09 03:40:37   --------   d-----w-   c:\program files\common files\Thraex Software
2012-04-09 03:40:36   --------   d-----w-   c:\program files\Photo Pos Pro
2012-04-05 07:13:24   --------   d-----w-   c:\documents and settings\dad\application data\PC Cleaners
2012-04-05 07:13:15   --------   d-----w-   c:\documents and settings\dad\application data\PCPro
2012-04-05 07:13:13   --------   d-----w-   c:\documents and settings\all users\application data\PC1Data
.
==================== Find3M  ====================
.
2012-04-29 05:55:08   4107024   ----a-w-   c:\windows\uninst.exe
2012-03-29 21:51:52   12952   ----a-w-   c:\windows\system32\drivers\PSVolAcc.sys
2012-03-29 21:51:42   16024   ----a-w-   c:\windows\system32\drivers\pssnap.sys
2012-03-29 21:51:36   47256   ----a-w-   c:\windows\system32\drivers\psmounter.sys
2012-03-21 03:44:12   171064   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-03-02 13:01:32   11082752   ------w-   c:\windows\system32\SET61F.tmp
2012-03-01 11:01:32   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10:16   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40   385024   ------w-   c:\windows\system32\html.iec
2012-02-23 21:25:08   21336   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
2012-02-19 01:39:01   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2012-02-19 01:38:59   472808   ----a-w-   c:\windows\system32\deployJava1.dll
.
============= FINISH: 23:38:21.01 ===============

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
« Reply #5 on: May 04, 2012, 01:17:22 PM »
Hello Gar and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable. With that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed. If you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Uninstall the following via Start > Control Panel > Add/Remove Programs:

SpybotSD TeaTimer
IObit
Microsoft Security Essentials
PC Cleaner Pro
Java(TM) 6 Update 20
Java 2 Runtime Environment, SE v1.4.2
Yahoo! Toolbar
PC-Doctor for Windows
ask.com


If they do not appear in the list just move on,

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.

  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin

Offline zrag

  • Bronze Member
  • Posts: 5
« Reply #6 on: May 07, 2012, 04:54:09 AM »


It took me a while but here's the ComboFix log that you asked for.
Thanks for helping me out.
Gar (Dad)

ComboFix 12-05-07.01 - Dad 05/07/2012   3:15.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1545 [GMT -7:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dad\System
c:\documents and settings\Dad\System\win_qs8.jqx
c:\documents and settings\Dad\WINDOWS
c:\program files\Internet Explorer\SET620.tmp
c:\program files\Internet Explorer\SET621.tmp
C:\Windows Restore
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\SET107.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET5BA.tmp
c:\windows\system32\SET615.tmp
c:\windows\system32\SET616.tmp
c:\windows\system32\SET617.tmp
c:\windows\system32\SET618.tmp
c:\windows\system32\SET619.tmp
c:\windows\system32\SET61A.tmp
c:\windows\system32\SET61B.tmp
c:\windows\system32\SET61D.tmp
c:\windows\system32\SET61E.tmp
c:\windows\system32\SET61F.tmp
c:\windows\system32\SET79C.tmp
c:\windows\system32\syoepk_lib0.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-07 to 2012-05-07  )))))))))))))))))))))))))))))))
.
.
2012-05-05 18:43 . 2003-09-03 16:55   53352   ----a-w-   c:\windows\system32\jpicpl32.cpl
2012-05-04 06:32 . 2012-05-04 06:32   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\visi_coupon
2012-05-02 20:37 . 2012-05-02 21:14   --------   d-----w-   c:\documents and settings\Dad 2
2012-05-02 17:51 . 2012-05-02 17:52   --------   d-----w-   c:\documents and settings\Administrator
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\program files\Common Files\PC Tools
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_001
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-05-02 08:42 . 2012-05-02 08:43   --------   d-----w-   c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-02 08:42 . 2012-05-02 08:43   --------   d-----w-   c:\program files\Enigma Software Group
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\program files\Common Files\xing shared
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\Apple
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2012-05-02 06:57 . 2012-02-24 17:36   185560   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
2012-05-02 06:56 . 2012-05-02 08:39   --------   d-----w-   c:\program files\PC Tools
2012-05-01 16:59 . 2012-05-02 08:39   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_003
2012-05-01 16:59 . 2012-05-02 08:39   --------   d-----w-   c:\program files\searchcom_003
2012-05-01 16:59 . 2012-05-01 16:59   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\searchcom_003
2012-05-01 16:39 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_004
2012-04-29 08:09 . 2012-05-02 07:52   --------   d-----w-   C:\sh4ldr
2012-04-29 07:11 . 2012-05-05 06:47   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 07:11 . 2012-05-05 06:47   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-29 06:07 . 2012-05-02 08:42   --------   d-----w-   c:\program files\SMPlayer
2012-04-29 04:57 . 2012-04-29 04:57   --------   d-----w-   c:\documents and settings\Dad\Application Data\Apple Computer
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-04-29 04:47 . 2012-05-02 08:41   --------   d-----w-   c:\program files\QuickTime
2012-04-29 04:47 . 2012-04-29 04:47   --------   d-----w-   c:\program files\Common Files\Apple
2012-04-29 04:46 . 2012-05-02 08:41   --------   d-----w-   c:\program files\Apple Software Update
2012-04-29 04:46 . 2012-04-29 04:46   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\Apple Computer
2012-04-29 04:28 . 2012-05-02 08:41   --------   d-----w-   c:\documents and settings\Dad\.smplayer
2012-04-29 03:39 . 2012-05-02 08:42   --------   d-----w-   c:\program files\Real
2012-04-12 09:58 . 2012-02-29 14:10   148480   -c----w-   c:\windows\system32\dllcache\imagehlp.dll
2012-04-11 09:11 . 2008-03-02 06:41   196608   ----a-w-   c:\windows\system32\EasySoap.dll
2012-04-11 09:11 . 2008-03-02 06:40   147456   ----a-w-   c:\windows\system32\libexpat.dll
2012-04-11 09:11 . 2008-03-02 06:40   73728   ----a-w-   c:\windows\system32\zlib1.dll
2012-04-11 09:11 . 2012-04-11 09:11   --------   d-----w-   c:\program files\Etresoft Decoder 4.0
2012-04-11 08:55 . 2012-04-11 08:55   --------   d-----w-   c:\documents and settings\Dad\Application Data\DriverCure
2012-04-11 08:55 . 2012-04-11 08:55   --------   d-----w-   c:\documents and settings\Dad\Application Data\SpeedyPC Software
2012-04-11 08:55 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-04-09 07:17 . 2012-04-09 07:17   --------   d-----w-   c:\documents and settings\Dad\Application Data\FrmMain
2012-04-09 07:15 . 2012-04-09 07:15   --------   d-----w-   c:\documents and settings\Dad\Application Data\EmailNotifier
2012-04-09 07:15 . 2012-04-09 07:15   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_002
2012-04-09 07:14 . 2002-08-01 02:55   96   ------w-   c:\windows\WSYS049.SYS
2012-04-09 07:13 . 2012-04-09 07:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\EmailNotifier
2012-04-09 07:13 . 2012-04-09 07:38   --------   d-----w-   c:\documents and settings\Dad\Application Data\Photopos
2012-04-09 07:13 . 2012-04-09 07:14   119777   ----a-w-   c:\windows\Pos Panorama Pro Uninstaller.exe
2012-04-09 07:13 . 2012-04-09 07:13   --------   d-----w-   c:\program files\Pos Panorama Pro
2012-04-09 07:06 . 2012-05-02 07:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\blekko toolbars
2012-04-09 07:06 . 2012-04-09 07:06   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\searchcom_004
2012-04-09 03:41 . 2012-04-09 07:03   --------   d-----w-   c:\documents and settings\Dad\Application Data\photopostb
2012-04-09 03:41 . 2012-04-09 03:41   204005   ----a-w-   c:\windows\Photo Pos Pro Uninstaller.exe
2012-04-09 03:40 . 2012-04-09 03:40   --------   d-----w-   c:\program files\Common Files\Thraex Software
2012-04-09 03:40 . 2012-04-09 03:41   --------   d-----w-   c:\program files\Photo Pos Pro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 05:55 . 2012-02-14 00:00   4107024   ----a-w-   c:\windows\uninst.exe
2012-03-29 21:51 . 2012-03-29 21:51   12952   ----a-w-   c:\windows\system32\drivers\PSVolAcc.sys
2012-03-29 21:51 . 2012-03-29 21:51   16024   ----a-w-   c:\windows\system32\drivers\pssnap.sys
2012-03-29 21:51 . 2012-03-29 21:51   47256   ----a-w-   c:\windows\system32\drivers\psmounter.sys
2012-03-21 03:44 . 2010-03-26 05:30   171064   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2003-03-31 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-03-31 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-03-31 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-03-31 12:00   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-08-09 00:07   385024   ------w-   c:\windows\system32\html.iec
2012-02-23 21:25 . 2012-02-13 11:31   21336   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
2012-02-19 01:38 . 2010-05-15 00:22   472808   ----a-w-   c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"cdloader"="c:\documents and settings\Dad\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"LogitechSoftwareUpdate"="c:\program files\LOGITECH\VIDEO\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2001-09-11 27648]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-09-11 45568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-29 296056]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-05-18 290816]
.
c:\documents and settings\Dad\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk /r \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 22:24   458752   ----a-w-   c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 22:14   217088   ----a-w-   c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-20 00:32   221184   ----a-w-   c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-09-03 17:27   53248   ----a-w-   c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-09-03 17:27   114688   ----a-w-   c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 21:23   114688   ----a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-03-11 23:24   86016   ----a-w-   c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Gar Feathers\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Dad\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [3/29/2012 2:51 PM 16024]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2/9/2012 1:15 PM 31408]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [3/29/2012 2:51 PM 224920]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [8/14/2009 10:31 PM 148096]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [8/14/2009 10:31 PM 545984]
S1 MpKsl12a46058;MpKsl12a46058;

S1 MpKsl12ec0305;MpKsl12ec0305;

S1 MpKsl2128245f;MpKsl2128245f;

S1 MpKsl9dc93b03;MpKsl9dc93b03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D0E9DF-C8E3-44DF-9CAA-6286B0E221F8}\MpKsl9dc93b03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D0E9DF-C8E3-44DF-9CAA-6286B0E221F8}\MpKsl9dc93b03.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2012 8:26 PM 136176]
S2 mrtRate;mrtRate;

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 12:11 AM 257696]
S3 ampa;ampa;c:\windows\system32\ampa.sys [4/3/2012 4:02 PM 10936]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/17/2012 7:27 PM 13192]
S3 esgiguard;esgiguard;

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/17/2012 7:27 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2012 8:26 PM 136176]
S3 JoinMEPlayUI Assistant Service;JoinMEPlayUI Assistant Service;c:\program files\JoinME Drivers\JoinMEPlayAssistantServices.exe [2/15/2012 6:28 PM 242176]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2/15/2012 6:28 PM 9728]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [8/14/2009 10:31 PM 19232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/31/2003 5:00 AM 14336]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2/15/2012 6:28 PM 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2/15/2012 6:28 PM 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [2/15/2012 6:28 PM 106752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 06:47]
.
2012-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 03:26]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 03:26]
.
2012-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2025429265-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-03-30 22:39]
.
2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2025429265-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-03-30 22:39]
.
2012-05-07 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-28 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekko.com/ws/?source=12fe24cf&toolbarid=searchcom_004&u=20120501C3284D25809A6C56D014DF6D&tbp=homepage
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{25f91356-743d-4a72-85bf-c49033ffa72b} - (no file)
BHO-{7DE40473-AE15-3E0A-8D57-BC7CECC9F62A} - (no file)
BHO-{95525BD9-6136-4A26-8263-9CEE295D442D} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{95080B13-AA71-4EE8-B951-7E98221E1ED5} - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\ask.com\updater\updater.exe
AddRemove-WorksDatabaseConverter - c:\windows\system32\javaws.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-07 03:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-TWRD-Z28G-QKT4-8MEB-8RMK-5X2VQZ5"
"Activated"="Y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\crypserv.exe
c:\windows\system32\wfxsnt40.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-05-07  03:28:50 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-07 10:28
.
Pre-Run: 36,671,201,280 bytes free
Post-Run: 34,880,622,592 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 310D0A2557FAC1BD3F8C6D605CD3712A

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
Re: [InActive K] @#$#@%%$&@##$ Windows safty checkpoint
« Reply #7 on: May 07, 2012, 05:58:26 AM »
OK do the following:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
Folder::
c:\program files\Common Files\PC Tools
c:\documents and settings\All Users\Application Data\PC Tools
c:\program files\PC Tools
c:\documents and settings\Dad\Application Data\SpeedyPC Software
c:\documents and settings\All Users\Application Data\SpeedyPC Software
c:\documents and settings\Dad\Application Data\DriverCure
File::
c:\windows\system32\drivers\PCTSD.sys
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-TWRD-Z28G-QKT4-8MEB-8RMK-5X2VQZ5"
"Activated"="Y"

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs in next reply, also give an update on any remaining issues or concerns...

Kevin

Offline zrag

  • Bronze Member
  • Posts: 5
Re: [InActive K] @#$#@%%$&@##$ Windows safty checkpoint
« Reply #8 on: May 08, 2012, 01:53:07 AM »
By George, I think you've got it. It seems like everything is working again.
One more quick question; I have an annoying beep or ring on the computer. It seems to come at no particular time and for no particular reason. Any quick ideas?
The two logs you ask for are posted below.
Thanks for ALL of your help.
Gar (Dad)
                                  @@@@@@@@@@@@@@@@@@@@@@@
C:\Documents and Settings\Dad\Desktop\Folders\New Folder (5)\oi_avg_avwt_stb_all_9_117.exe   a variant of Win32/OpenInstall application   cleaned by deleting - quarantined
C:\Documents and Settings\Dad\Desktop\Folders\New Folder (5)\oi_bitdefender_isecurity_tucows.exe   a variant of Win32/OpenInstall application   cleaned by deleting - quarantined
C:\Documents and Settings\Dad\Desktop\Folders\New Folder (5)\oi_Coranti2010_AntiVirusAntiSpyware_setup.exe   a variant of Win32/OpenInstall application   cleaned by deleting - quarantined
C:\Documents and Settings\Dad\Desktop\programs\photopospro_setup.exe   Win32/Toolbar.Zugo application   deleted - quarantined
C:\Documents and Settings\Dad\My Documents\PosPanoramaPro_SetUp.exe   Win32/Toolbar.Zugo application   deleted - quarantined
C:\Documents and Settings\Gar Feathers\My Documents\Uninstall\Uninstall.exe   a variant of Win32/InstallCore.D application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{47D88953-2E7D-4913-AD5F-2ABD1A2236E2}\RP875\A0295233.exe   Win32/Adware.WintionalityChecker.AD application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{47D88953-2E7D-4913-AD5F-2ABD1A2236E2}\RP876\A0297086.exe   a variant of Win32/OpenInstall application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{47D88953-2E7D-4913-AD5F-2ABD1A2236E2}\RP876\A0297087.exe   a variant of Win32/OpenInstall application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{47D88953-2E7D-4913-AD5F-2ABD1A2236E2}\RP876\A0297088.exe   a variant of Win32/OpenInstall application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{47D88953-2E7D-4913-AD5F-2ABD1A2236E2}\RP876\A0297089.exe   Win32/Toolbar.Zugo application   deleted - quarantined


                                   @@@@@@@@@@@@@@@@@@@

ComboFix 12-05-07.01 - Dad 05/07/2012   3:15.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1545 [GMT -7:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dad\System
c:\documents and settings\Dad\System\win_qs8.jqx
c:\documents and settings\Dad\WINDOWS
c:\program files\Internet Explorer\SET620.tmp
c:\program files\Internet Explorer\SET621.tmp
C:\Windows Restore
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\SET107.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET5BA.tmp
c:\windows\system32\SET615.tmp
c:\windows\system32\SET616.tmp
c:\windows\system32\SET617.tmp
c:\windows\system32\SET618.tmp
c:\windows\system32\SET619.tmp
c:\windows\system32\SET61A.tmp
c:\windows\system32\SET61B.tmp
c:\windows\system32\SET61D.tmp
c:\windows\system32\SET61E.tmp
c:\windows\system32\SET61F.tmp
c:\windows\system32\SET79C.tmp
c:\windows\system32\syoepk_lib0.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-07 to 2012-05-07  )))))))))))))))))))))))))))))))
.
.
2012-05-05 18:43 . 2003-09-03 16:55   53352   ----a-w-   c:\windows\system32\jpicpl32.cpl
2012-05-04 06:32 . 2012-05-04 06:32   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\visi_coupon
2012-05-02 20:37 . 2012-05-02 21:14   --------   d-----w-   c:\documents and settings\Dad 2
2012-05-02 17:51 . 2012-05-02 17:52   --------   d-----w-   c:\documents and settings\Administrator
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\program files\Common Files\PC Tools
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_001
2012-05-02 08:43 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-05-02 08:42 . 2012-05-02 08:43   --------   d-----w-   c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-02 08:42 . 2012-05-02 08:43   --------   d-----w-   c:\program files\Enigma Software Group
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\program files\Common Files\xing shared
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\Apple
2012-05-02 08:42 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2012-05-02 06:57 . 2012-02-24 17:36   185560   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
2012-05-02 06:56 . 2012-05-02 08:39   --------   d-----w-   c:\program files\PC Tools
2012-05-01 16:59 . 2012-05-02 08:39   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_003
2012-05-01 16:59 . 2012-05-02 08:39   --------   d-----w-   c:\program files\searchcom_003
2012-05-01 16:59 . 2012-05-01 16:59   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\searchcom_003
2012-05-01 16:39 . 2012-05-02 08:43   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_004
2012-04-29 08:09 . 2012-05-02 07:52   --------   d-----w-   C:\sh4ldr
2012-04-29 07:11 . 2012-05-05 06:47   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 07:11 . 2012-05-05 06:47   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-04-29 06:07 . 2012-05-02 08:42   --------   d-----w-   c:\program files\SMPlayer
2012-04-29 04:57 . 2012-04-29 04:57   --------   d-----w-   c:\documents and settings\Dad\Application Data\Apple Computer
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-04-29 04:48 . 2012-04-29 04:49   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-04-29 04:47 . 2012-05-02 08:41   --------   d-----w-   c:\program files\QuickTime
2012-04-29 04:47 . 2012-04-29 04:47   --------   d-----w-   c:\program files\Common Files\Apple
2012-04-29 04:46 . 2012-05-02 08:41   --------   d-----w-   c:\program files\Apple Software Update
2012-04-29 04:46 . 2012-04-29 04:46   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\Apple Computer
2012-04-29 04:28 . 2012-05-02 08:41   --------   d-----w-   c:\documents and settings\Dad\.smplayer
2012-04-29 03:39 . 2012-05-02 08:42   --------   d-----w-   c:\program files\Real
2012-04-12 09:58 . 2012-02-29 14:10   148480   -c----w-   c:\windows\system32\dllcache\imagehlp.dll
2012-04-11 09:11 . 2008-03-02 06:41   196608   ----a-w-   c:\windows\system32\EasySoap.dll
2012-04-11 09:11 . 2008-03-02 06:40   147456   ----a-w-   c:\windows\system32\libexpat.dll
2012-04-11 09:11 . 2008-03-02 06:40   73728   ----a-w-   c:\windows\system32\zlib1.dll
2012-04-11 09:11 . 2012-04-11 09:11   --------   d-----w-   c:\program files\Etresoft Decoder 4.0
2012-04-11 08:55 . 2012-04-11 08:55   --------   d-----w-   c:\documents and settings\Dad\Application Data\DriverCure
2012-04-11 08:55 . 2012-04-11 08:55   --------   d-----w-   c:\documents and settings\Dad\Application Data\SpeedyPC Software
2012-04-11 08:55 . 2012-05-02 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-04-09 07:17 . 2012-04-09 07:17   --------   d-----w-   c:\documents and settings\Dad\Application Data\FrmMain
2012-04-09 07:15 . 2012-04-09 07:15   --------   d-----w-   c:\documents and settings\Dad\Application Data\EmailNotifier
2012-04-09 07:15 . 2012-04-09 07:15   --------   d-----w-   c:\documents and settings\Dad\Application Data\searchcom_002
2012-04-09 07:14 . 2002-08-01 02:55   96   ------w-   c:\windows\WSYS049.SYS
2012-04-09 07:13 . 2012-04-09 07:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\EmailNotifier
2012-04-09 07:13 . 2012-04-09 07:38   --------   d-----w-   c:\documents and settings\Dad\Application Data\Photopos
2012-04-09 07:13 . 2012-04-09 07:14   119777   ----a-w-   c:\windows\Pos Panorama Pro Uninstaller.exe
2012-04-09 07:13 . 2012-04-09 07:13   --------   d-----w-   c:\program files\Pos Panorama Pro
2012-04-09 07:06 . 2012-05-02 07:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\blekko toolbars
2012-04-09 07:06 . 2012-04-09 07:06   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\searchcom_004
2012-04-09 03:41 . 2012-04-09 07:03   --------   d-----w-   c:\documents and settings\Dad\Application Data\photopostb
2012-04-09 03:41 . 2012-04-09 03:41   204005   ----a-w-   c:\windows\Photo Pos Pro Uninstaller.exe
2012-04-09 03:40 . 2012-04-09 03:40   --------   d-----w-   c:\program files\Common Files\Thraex Software
2012-04-09 03:40 . 2012-04-09 03:41   --------   d-----w-   c:\program files\Photo Pos Pro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 05:55 . 2012-02-14 00:00   4107024   ----a-w-   c:\windows\uninst.exe
2012-03-29 21:51 . 2012-03-29 21:51   12952   ----a-w-   c:\windows\system32\drivers\PSVolAcc.sys
2012-03-29 21:51 . 2012-03-29 21:51   16024   ----a-w-   c:\windows\system32\drivers\pssnap.sys
2012-03-29 21:51 . 2012-03-29 21:51   47256   ----a-w-   c:\windows\system32\drivers\psmounter.sys
2012-03-21 03:44 . 2010-03-26 05:30   171064   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2003-03-31 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-03-31 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-03-31 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-03-31 12:00   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-08-09 00:07   385024   ------w-   c:\windows\system32\html.iec
2012-02-23 21:25 . 2012-02-13 11:31   21336   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
2012-02-19 01:38 . 2010-05-15 00:22   472808   ----a-w-   c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"cdloader"="c:\documents and settings\Dad\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"LogitechSoftwareUpdate"="c:\program files\LOGITECH\VIDEO\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2001-09-11 27648]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-09-11 45568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-29 296056]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-05-18 290816]
.
c:\documents and settings\Dad\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk /r \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 22:24   458752   ----a-w-   c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 22:14   217088   ----a-w-   c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-20 00:32   221184   ----a-w-   c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-09-03 17:27   53248   ----a-w-   c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-09-03 17:27   114688   ----a-w-   c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 21:23   114688   ----a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-03-11 23:24   86016   ----a-w-   c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Gar Feathers\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Dad\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [3/29/2012 2:51 PM 16024]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2/9/2012 1:15 PM 31408]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [3/29/2012 2:51 PM 224920]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [8/14/2009 10:31 PM 148096]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [8/14/2009 10:31 PM 545984]
S1 MpKsl12a46058;MpKsl12a46058;

S1 MpKsl12ec0305;MpKsl12ec0305;

S1 MpKsl2128245f;MpKsl2128245f;

S1 MpKsl9dc93b03;MpKsl9dc93b03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D0E9DF-C8E3-44DF-9CAA-6286B0E221F8}\MpKsl9dc93b03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64D0E9DF-C8E3-44DF-9CAA-6286B0E221F8}\MpKsl9dc93b03.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2012 8:26 PM 136176]
S2 mrtRate;mrtRate;

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 12:11 AM 257696]
S3 ampa;ampa;c:\windows\system32\ampa.sys [4/3/2012 4:02 PM 10936]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/17/2012 7:27 PM 13192]
S3 esgiguard;esgiguard;

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/17/2012 7:27 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2012 8:26 PM 136176]
S3 JoinMEPlayUI Assistant Service;JoinMEPlayUI Assistant Service;c:\program files\JoinME Drivers\JoinMEPlayAssistantServices.exe [2/15/2012 6:28 PM 242176]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2/15/2012 6:28 PM 9728]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [8/14/2009 10:31 PM 19232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/31/2003 5:00 AM 14336]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2/15/2012 6:28 PM 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2/15/2012 6:28 PM 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [2/15/2012 6:28 PM 106752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 06:47]
.
2012-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 03:26]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 03:26]
.
2012-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2025429265-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-03-30 22:39]
.
2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2025429265-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-03-30 22:39]
.
2012-05-07 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-28 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekko.com/ws/?source=12fe24cf&toolbarid=searchcom_004&u=20120501C3284D25809A6C56D014DF6D&tbp=homepage
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{25f91356-743d-4a72-85bf-c49033ffa72b} - (no file)
BHO-{7DE40473-AE15-3E0A-8D57-BC7CECC9F62A} - (no file)
BHO-{95525BD9-6136-4A26-8263-9CEE295D442D} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{95080B13-AA71-4EE8-B951-7E98221E1ED5} - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\ask.com\updater\updater.exe
AddRemove-WorksDatabaseConverter - c:\windows\system32\javaws.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-07 03:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-TWRD-Z28G-QKT4-8MEB-8RMK-5X2VQZ5"
"Activated"="Y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\crypserv.exe
c:\windows\system32\wfxsnt40.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-05-07  03:28:50 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-07 10:28
.
Pre-Run: 36,671,201,280 bytes free
Post-Run: 34,880,622,592 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 310D0A2557FAC1BD3F8C6D605CD3712A

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
Re: [InActive K] @#$#@%%$&@##$ Windows safty checkpoint
« Reply #9 on: May 08, 2012, 04:45:12 AM »
Rerun DDS and post a fresh set of logs please. If the logs are OK we can start the clean-up process, get rid of tools, etc...

Kevin

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
Re: [InActive K] @#$#@%%$&@##$ Windows safty checkpoint
« Reply #10 on: May 12, 2012, 03:35:22 PM »
Are you still with us, zrag?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6354
Re: [InActive K] @#$#@%%$&@##$ Windows safty checkpoint
« Reply #11 on: May 15, 2012, 02:05:54 AM »
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!