  #1  
Old January 22nd, 2010, 11:23 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
How to fix computer keeps rebooting due to DCOM Server Process?

My computer keeps giving me a popup message stating that my system must restart because the NT Administrative ....DCOM Server Process Launching Service Terminated.

How do I fix it? Running Windows XP...

Also, I keep getting redirects whenever I google anything and the redirects are not even related to my search request. Please help soon!

Damion


  #2  
Old January 23rd, 2010, 05:27 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 45,493
Blog Entries: 1
Welcome to CTH dlampl1,

Please do not start more than one request for the same situation - just makes more work for us here. Let's stop the shutdowns, then get some info to see what all is loading there.

As the desktop begins to load, as soon as possible go to Start - Run, type in the following and press OK:

shutdown -a

That should kill the shutdown process for now. Then do the following, to disable it:

1. Right-click My Computer, and then click Properties.

2. Click the Advanced tab.

3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.

4. Clear the Automatically restart check box, and click OK the necessary number of times.

------------------

Then let's get some scan results to see what we need to do there.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
  #3  
Old January 23rd, 2010, 05:46 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
When I click on RSIT, it attempts to load the writing header information but I get an AutoIt Error:
Line -1
Error: Variable used without being declared.
  #4  
Old January 23rd, 2010, 05:47 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
By the way! Sorry and Thanks Tom...Just really need to get this fixed...Because wife uses computer for work...
  #5  
Old January 23rd, 2010, 05:52 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 45,493
Blog Entries: 1
It is pretty late where I am, so I will provide an alternate scan for RSIT, but will have to check back in on your progress tomorrow, as time permits.


Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif

Then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad - DDS.txt and Attach.txt. An additional message box will open that you can just X close.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), then post both of them back here please, along with the Gmer results.
  #6  
Old January 23rd, 2010, 10:11 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 23:54:45.49 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18702
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {7C5C0F58-E061-457D-9033-77307F5ED00C} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-01-22 08:22:07 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-22 08:21:57 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-22 08:21:57 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-22 08:21:46 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-22 08:21:46 0 d-----w- c:\program files\common files\PC Tools
2010-01-22 08:18:38 0 d-----w- c:\program files\Spyware Doctor
2010-01-22 08:18:38 0 d-----w- c:\docume~1\compaq~1\applic~1\PC Tools
2010-01-22 08:18:38 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-22 07:49:23 4 ----a-w- c:\windows\msoffice.ini
2010-01-21 23:11:32 82132 ----a-w- C:\Stacey's Offer Letter.pdf
2010-01-19 05:00:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-19 05:00:18 0 d-----w- c:\program files\Hitman Pro 3.5
2010-01-19 05:00:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-01-15 02:30:04 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-15 02:29:51 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-15 02:29:51 0 d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2010-01-14 17:45:39 114688 ----a-w- c:\windows\~DF4D37.tmp
2010-01-14 17:45:26 114688 ----a-w- c:\windows\~DF25F9.tmp
2010-01-14 17:44:57 114688 ----a-w- c:\windows\~DF26BA.tmp
2010-01-14 17:44:47 114688 ----a-w- c:\windows\~DFDA86.tmp
2010-01-14 17:44:29 114688 ----a-w- c:\windows\~DF6F6C.tmp
2010-01-14 17:44:14 114688 ----a-w- c:\windows\~DF2CDC.tmp
2010-01-14 17:43:32 114688 ----a-w- c:\windows\~DFB976.tmp
2010-01-14 16:45:12 173184 ----a-w- c:\windows\system32\ygpss.scr
2010-01-14 16:45:10 0 d-----w- c:\program files\common files\Nullsoft
2010-01-14 16:43:42 0 d-----w- c:\program files\common files\AolCoach
2010-01-14 16:01:59 0 d-----w- c:\windows\pss
2010-01-13 23:44:17 0 ----a-w- c:\windows\system32\IS15.exe
2010-01-13 23:43:49 6435 ----a-w- c:\windows\system32\WORK.DAT
2010-01-13 23:42:02 0 ----a-w- c:\windows\system32\drivers\kidlq.sys
2010-01-13 23:41:50 32768 ----a-w- C:\ioixbmk.exe
2010-01-13 23:41:12 136192 ----a-w- C:\tegfcwpf.exe
2010-01-13 08:06:39 118 ----a-w- c:\windows\system32\MRT.INI
2010-01-13 06:33:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-21 21:30:08 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-21 21:30:08 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 00:42:18 2020136 ----a-w- C:\SkypeSetup.exe
2009-11-06 00:51:05 202000 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2003-06-20 08:05:04 49776 ----a-w- c:\windows\inf\usbhub20.sys
2003-06-20 08:05:04 24752 ----a-w- c:\windows\inf\hidclass.sys
2003-06-20 08:05:04 20688 ----a-w- c:\windows\inf\usbd.sys
2003-06-20 08:05:04 19728 ----a-w- c:\windows\inf\usbehci.sys
2003-06-20 08:05:04 138288 ----a-w- c:\windows\inf\usbport.sys
2006-11-04 17:35:50 22 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 23:56:50.69 ===============
  #7  
Old January 23rd, 2010, 10:12 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

6200
6200_Help
6200Trb
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan
AiOSoftware
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
BitLord 1.1
BufferChm
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera Solution Disk 34 Software Starter Guide
Canon Direct Print User Guide
Canon G.726 WMP-Decoder
Canon iP4600 series Printer Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A470 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compaq Connections (remove only)
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CreativeProjects
CreativeProjectsTemplates
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Director
DISCover
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Fax
FullDPAppQFolder
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP DVD Play 2.1
HP Extended Capabilities 4.7
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InstantShareDevices
J2SE Runtime Environment 5.0 Update 6
Junk Mail filter update
LightScribe 1.4.105.1
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NETGEAR WG111T Smart Wizard Wireless Utility
Netscape Browser (remove only)
NVIDIA Drivers
NVIDIA PhysX v8.07.18
OptionalContentQFolder
Otto
PanoStandAlone
PDF Settings
PhotoGallery
PokerStars
ProductContext
PunkBuster Services
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SkinsHP1
Skype™ 4.1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spyware Doctor 6.0
Symantec AntiVirus
System Requirements Lab
TorrentMan Toolbar
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
Viewpoint Media Player
VLC media player 0.9.8a
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.1 beta5
WinRAR
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

==== End Of File ===========================
  #8  
Old January 23rd, 2010, 10:14 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-23 04:13:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugtdapoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 87428856

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
  #9  
Old January 23rd, 2010, 11:51 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 45,493
Blog Entries: 1
Gmer shows a type of malware method that alters an important boot level driver file, so let's start some repairs using a tool that does well with this issue.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
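Added illustration, not part of this thread and not code from DDS, Gmer or ComboFix: a small Python triage pass over lines in the format DDS prints under "Created Last 30" and "Find3M" (date, time, size, attributes, path), fed with entries copied from the log in post #6. The three heuristics are assumptions chosen for this example (a zero-byte executable or driver under the Windows directory; a lowercase random-looking name dropped in the drive root; a boot-critical driver such as atapi.sys changed shortly before the scan, with the dllcache backup copy carrying the same size and timestamp, so that copy is not an independent restore source). The scan time, the watch-list of boot drivers and the time window are all assumed constants. On these lines the pass picks out the driver Gmer flagged and ComboFix later disinfected, and several of the files ComboFix deleted.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the DDS log above, in DDS's
# "date time size attrs path" layout.
SAMPLE_DDS_LINES = r"""
2010-01-22 08:22:07 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-21 21:30:08 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-21 21:30:08 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-13 23:44:17 0 ----a-w- c:\windows\system32\IS15.exe
2010-01-13 23:42:02 0 ----a-w- c:\windows\system32\drivers\kidlq.sys
2010-01-13 23:41:50 32768 ----a-w- C:\ioixbmk.exe
2010-01-13 23:41:12 136192 ----a-w- C:\tegfcwpf.exe
2009-11-10 00:42:18 2020136 ----a-w- C:\SkypeSetup.exe
2003-06-20 08:05:04 49776 ----a-w- c:\windows\inf\usbhub20.sys
"""

# Assumed: taken from the DDS header "Run by ... at 23:54:45.49 on Fri 01/22/2010".
SCAN_TIME = datetime(2010, 1, 22, 23, 54, 45)
# Assumed watch-list of boot-critical drivers; extend for your own baseline.
BOOT_DRIVERS = {"atapi.sys"}

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# Heuristic: 6-10 lowercase letters, no digits or capitals, as in the two root-level files above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,10}\.exe$")


def parse_dds_lines(text):
    """Parse DDS file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "mtime": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
            "size": int(m.group(2)),
            "attrs": m.group(3),
            "path": m.group(4),
        })
    return entries


def triage(entries, scan_time=SCAN_TIME, window_days=14):
    """Return (path, reason) pairs for entries that match one of the heuristics."""
    findings = []
    # Index the SFC cache copies by file name so the live driver can be cross-checked.
    cache_copies = {}
    for e in entries:
        p = PureWindowsPath(e["path"])
        if p.parent.name.lower() == "dllcache":
            cache_copies[p.name.lower()] = e

    for e in entries:
        p = PureWindowsPath(e["path"])
        name = p.name.lower()
        in_windows = str(p).lower().startswith("c:\\windows\\")

        # 1. Zero-byte .exe/.sys under the Windows directory.
        if name.endswith((".sys", ".exe")) and e["size"] == 0 and in_windows:
            findings.append((e["path"], "zero-byte executable or driver under the Windows directory"))

        # 2. Random-looking lowercase executable sitting directly in the drive root.
        if RANDOM_NAME_RE.match(p.name) and str(p.parent) == p.anchor:
            findings.append((e["path"], "randomly named executable dropped in the drive root"))

        # 3. Boot-critical driver modified inside the window; compare with its dllcache twin.
        if name in BOOT_DRIVERS and p.parent.name.lower() != "dllcache":
            age = (scan_time - e["mtime"]).days
            if age <= window_days:
                reason = f"boot-critical driver modified {age} day(s) before the scan"
                cached = cache_copies.get(name)
                if cached and cached["size"] == e["size"] and cached["mtime"] == e["mtime"]:
                    reason += ("; dllcache backup has identical size and timestamp, "
                               "so it is not an independent restore source")
                findings.append((e["path"], reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_dds_lines(SAMPLE_DDS_LINES)):
        print(f"{path}\n    {reason}")
```

The dllcache cross-check is the point worth keeping in mind when reading the Find3M section: both atapi.sys copies carry the same size and the same 2010-01-21 21:30:08 timestamp, which is why a repair tool cannot simply copy the cached file back and must restore from a known-good source instead.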
  #10  
Old January 24th, 2010, 01:37 AM
dlampl1
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
ComboFix 10-01-23.02 - Compaq_Administrator 01/23/2007 19:00:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.616 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\456out.com
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\Application Data\PnkBstrK.sys
C:\install.exe
c:\program files\Common Files\Uninstall
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\HN0F7A~1.INR
c:\windows\HN111D~1.INR
c:\windows\HN664F~1.INR
c:\windows\HNFBE6~1.INR
c:\windows\kb913800.exe
c:\windows\system32\41.exe
c:\windows\system32\anefojap.ini
c:\windows\system32\driVERs\kidlq.sys
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\smss32.exe
c:\windows\system32\twain_32.dll
c:\windows\system32\warning.html
c:\windows\system32\winlogon32.exe
c:\windows\system32\WORK.DAT
c:\windows\unins000.dat
c:\windows\unins000.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll

Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe

Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe

Infected copy of c:\windows\system32\mqtgsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqtgsvc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS
-------\Legacy_WINSTS
-------\Legacy_kidlq
-------\Service_kidlq


((((((((((((((((((((((((( Files Created from 2006-12-24 to 2007-01-24 )))))))))))))))))))))))))))))))
.

2010-01-23 04:44 . 2010-01-23 04:44 -------- d-----w- C:\rsit
2010-01-22 08:22 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-22 08:21 . 2010-01-22 08:54 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-22 08:21 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-22 08:21 . 2010-01-22 08:23 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-22 08:21 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-22 08:18 . 2010-01-22 09:18 -------- d-----w- c:\program files\Spyware Doctor
2010-01-22 08:18 . 2010-01-22 08:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\PC Tools
2010-01-22 08:18 . 2010-01-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-19 05:00 . 2010-01-22 07:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-19 05:00 . 2010-01-19 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-01-19 05:00 . 2010-01-19 05:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-01-19 04:32 . 2010-01-19 04:32 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-01-19 04:32 . 2010-01-19 04:32 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-01-19 04:32 . 2010-01-19 04:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-01-19 02:03 . 2010-01-19 02:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Threat Expert
2010-01-17 19:37 . 2010-01-17 19:37 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth
2010-01-15 02:30 . 2010-01-15 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-15 02:29 . 2010-01-22 07:56 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2010-01-15 02:29 . 2010-01-22 07:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 18:19 . 2010-01-14 18:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Netscape
2010-01-14 16:48 . 2010-01-14 16:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-01-14 16:45 . 2010-01-22 07:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2010-01-14 16:45 . 2010-01-14 16:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2010-01-14 16:45 . 2005-07-28 22:28 173184 ----a-w- c:\windows\system32\ygpss.scr
2010-01-14 16:45 . 2010-01-14 16:45 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-01-14 16:43 . 2010-01-14 16:43 -------- d-----w- c:\program files\Common Files\AolCoach
2010-01-14 16:38 . 2010-01-14 16:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-14 16:35 . 2010-01-14 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-14 16:30 . 2010-01-14 16:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-13 23:49 . 2010-01-13 23:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-13 23:48 . 2010-01-13 23:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-13 23:42 . 2010-01-14 23:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\fsmket
2010-01-13 23:41 . 2010-01-13 23:41 32768 ----a-w- C:\ioixbmk.exe
2010-01-13 23:41 . 2010-01-13 23:41 136192 ----a-w- C:\tegfcwpf.exe
2010-01-13 06:33 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 17:43 . 2010-01-05 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-19 22:28 . 2010-01-13 08:06 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\xcbmju
2009-12-10 05:16 . 2009-12-10 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-12-10 05:16 . 2009-12-10 05:16 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-12-10 02:53 . 2009-12-10 02:53 -------- d-----w- c:\program files\Bonjour
2009-12-10 02:24 . 2009-12-10 02:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-10 08:41 . 2009-11-10 08:41 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-10 03:47 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-10 03:47 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-10 03:20 . 2009-11-10 03:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-10 03:20 . 2010-01-23 05:00 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2009-11-10 03:16 . 2008-04-13 19:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-11-10 03:16 . 2008-04-13 19:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-11-10 03:15 . 2008-04-13 19:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-11-10 03:15 . 2008-04-13 19:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-11-10 03:15 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-11-10 03:15 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-10 03:15 . 2010-01-23 05:06 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Skype
2009-11-10 03:14 . 2008-04-13 19:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-11-10 03:14 . 2008-04-13 19:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2009-11-10 03:13 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-11-10 03:13 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-10 03:12 . 2008-04-13 19:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-11-10 03:12 . 2008-04-13 19:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-11-10 03:12 . 2009-11-10 03:12 -------- d-----w- c:\program files\Common Files\Skype
2009-11-10 03:11 . 2009-11-10 03:12 -------- d-----r- c:\program files\Skype
2009-11-10 03:10 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-11-10 03:10 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-11-10 03:08 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-10 03:08 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-10 03:06 . 2008-04-14 01:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-11-10 03:06 . 2008-04-14 01:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-10 02:46 . 2010-01-22 08:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Tracing
2009-11-10 01:13 . 2010-01-22 08:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 01:11 . 2009-11-10 01:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 01:10 . 2009-08-06 03:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-10 01:08 . 2009-11-10 01:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 01:06 . 2009-11-10 01:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 01:02 . 2009-11-10 01:12 -------- d-----w- c:\program files\Microsoft
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 01:01 . 2009-11-10 01:10 -------- d-----w- c:\program files\Windows Live
2009-11-10 00:51 . 2009-11-10 00:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-10 00:44 . 2009-07-24 20:05 676704 ----a-w- c:\windows\system32\LCCoin30.dll
2009-11-10 00:44 . 2009-07-24 20:05 30560 ----a-w- c:\windows\system32\drivers\nx6000.sys
2009-11-10 00:43 . 2009-11-10 00:44 -------- d-----w- c:\program files\Microsoft LifeCam
2009-11-10 00:43 . 2009-11-10 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-10 00:42 . 2009-11-10 00:42 2020136 ----a-w- C:\SkypeSetup.exe
2009-11-10 00:40 . 2009-11-10 00:40 -------- d-----w- c:\windows\system32\drivers\umdf
2009-11-07 13:30 . 2009-11-18 14:20 -------- d-----w- C:\Patches
2009-11-05 21:14 . 2009-11-05 21:14 -------- d-----w- c:\windows\system32\AGEIA
2009-11-05 21:14 . 2009-11-05 21:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-05 21:12 . 2010-01-22 07:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-05 21:08 . 2008-07-26 04:48 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-05 21:02 . 2006-03-03 22:30 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2009-11-05 21:02 . 2006-02-22 23:59 176128 ----a-w- c:\windows\system32\nvunrm.exe
2009-11-05 20:51 . 2008-07-23 20:24 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-05 20:21 . 2009-11-10 01:10 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-31 19:50 . 2009-11-01 02:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks
2009-10-24 10:50 . 2009-10-24 10:50 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IECompatCache
2009-10-24 10:49 . 2009-10-24 10:49 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\PrivacIE
2009-10-22 22:48 . 2009-10-22 22:48 -------- d-----w- c:\windows\system32\scripting
2009-10-22 22:48 . 2009-10-22 22:48 -------- d-----w- c:\windows\l2schemas
2009-10-22 22:48 . 2009-10-22 22:48 -------- d-----w- c:\windows\system32\en
2009-10-22 22:48 . 2009-10-22 22:48 -------- d-----w- c:\windows\system32\bits
2009-10-22 21:34 . 2009-10-22 21:34 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-22 21:34 . 2009-10-22 21:34 -------- d-----w- c:\program files\Reference Assemblies
2009-10-22 21:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-10-22 21:33 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-22 21:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-22 21:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-22 21:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-22 21:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-10-22 21:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-22 21:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-22 21:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-22 21:33 . 2009-10-22 21:34 -------- d-----w- C:\a808487f304cecbf87
2009-10-22 21:25 . 2009-10-22 21:25 -------- d-----w- c:\program files\MSXML 6.0
2009-10-22 20:26 . 2009-10-22 20:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-22 20:23 . 2009-10-22 20:23 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache
2009-10-22 20:18 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-22 20:18 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-22 20:17 . 2010-01-23 08:00 -------- d-----w- c:\windows\ie8updates
2009-10-22 20:16 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-22 20:13 . 2009-10-22 20:16 -------- dc-h--w- c:\windows\ie8
2009-10-22 19:32 . 2009-10-22 22:38 -------- d-----w- c:\windows\ServicePackFiles
2009-10-22 13:14 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-21 23:41 . 2009-10-21 23:41 9088 ---hatw- c:\windows\system32\drivers\CrucialSMBusScan.sys
2009-10-21 05:38 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
  #11  
Old January 24th, 2010, 01:37 AM
dlampl1 dlampl1 is offline
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 21:30 . 2004-08-10 04:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-14 20:57 . 2009-05-26 10:54 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 17:45 . 2010-01-14 17:45 114688 ----a-w- c:\windows\~DF4D37.tmp
2010-01-14 17:45 . 2010-01-14 17:45 114688 ----a-w- c:\windows\~DF25F9.tmp
2010-01-14 17:44 . 2010-01-14 17:44 114688 ----a-w- c:\windows\~DF26BA.tmp
2010-01-14 17:44 . 2010-01-14 17:44 114688 ----a-w- c:\windows\~DFDA86.tmp
2010-01-14 17:44 . 2010-01-14 17:44 114688 ----a-w- c:\windows\~DF6F6C.tmp
2010-01-14 17:44 . 2010-01-14 17:44 114688 ----a-w- c:\windows\~DF2CDC.tmp
2010-01-14 17:43 . 2010-01-14 17:43 114688 ----a-w- c:\windows\~DFB976.tmp
2009-12-21 19:14 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 23:31 . 2006-08-30 21:50 85376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 05:11 . 2006-08-30 21:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-21 15:51 . 2004-08-10 04:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 08:15 . 2006-08-30 21:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-31 19:50 . 2009-10-31 19:50 143976 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\uninstall.exe
2009-10-31 19:50 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-10-22 22:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-22 22:53 . 2009-10-22 22:53 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-10-22 22:53 . 2009-10-22 22:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-10-22 22:53 . 2009-10-22 22:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-10-22 22:53 . 2009-10-22 22:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-10-22 22:53 . 2009-10-22 22:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-10-22 22:53 . 2009-10-22 22:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-10-22 22:53 . 2009-10-22 22:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-10-22 22:53 . 2009-10-22 22:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-10-22 22:53 . 2009-10-22 22:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-10-21 05:38 . 2004-08-10 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 04:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-10-15 16:28 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-13 10:30 . 2004-08-10 04:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 04:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 04:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-25 09:17 . 2004-08-10 04:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 16:03 . 2006-08-30 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Interactive Systems Corporation
2009-08-14 13:21 . 2004-08-10 04:00 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-10 11:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-10 11:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 04:35 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2004-08-10 04:00 1435648 ------w- c:\windows\system32\query.dll
2009-07-13 14:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 21:17 . 2006-08-30 21:44 -------- d-----w- c:\program files\music_now
2009-06-25 18:36 . 2004-08-10 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-10 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-10 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-10 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-10 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-10 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-10 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-10 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-10 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-10 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-10 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-10 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:25 . 2004-08-10 04:00 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 04:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 04:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18 . 2004-08-10 11:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 11:48 . 2004-08-10 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-12 12:31 . 2004-08-10 04:00 80896 ------w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 11:00 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 04:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-10 04:00 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 04:00 1291264 ------w- c:\windows\system32\quartz.dll
2009-05-10 01:22 . 2009-05-10 01:22 53424 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe
2009-05-07 15:32 . 2004-08-10 04:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-27 04:34 . 2009-04-27 04:34 83120 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.DLL
2009-04-27 04:34 . 2009-04-27 04:34 51376 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.DLL
2009-04-27 04:16 . 2009-04-27 04:16 90288 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.DLL
2009-04-27 04:16 . 2009-04-27 04:16 51376 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.DLL
2009-04-15 14:51 . 2004-08-10 04:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-09 13:04 . 2009-03-09 13:04 10134 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-03-09 12:55 . 2006-08-30 21:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-08 08:34 . 2004-08-10 04:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 04:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 04:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 04:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 04:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 04:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 04:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 04:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 04:00 284160 ------w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/22/2010 3:21 AM 130936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/9/2009 8:10 PM 54752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/26/2009 8:51 PM 101936]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/9/2009 7:44 PM 30560]
S0 xlvb;xlvb;c:\windows\system32\drivers\zmltupc.sys --> c:\windows\system32\drivers\zmltupc.sys [?]
S2 gupdate1c9d0b3bc0bbbbe;Google Update Service (gupdate1c9d0b3bc0bbbbe);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 9:37 AM 133104]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [11/7/2008 11:29 AM 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [11/7/2008 8:18 AM 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/26/2009 5:54 AM 38224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 10:35 AM 50704]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/6/2007 3:24 PM 116928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/22/2010 3:19 AM 348752]
.
Contents of the 'Scheduled Tasks' folder

2007-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-09 14:36]

2007-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 14:37]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 14:37]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{9738D249-598D-4625-9472-63F13C06E154}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
Trusted Zone: trymedia.com
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
HKLM-Run-PCDrProfiler - (no file)
AddRemove-HijackThis - J:\HijackThis.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1 - c:\windows\unins000.exe
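The ComboFix log above is read by hand in this thread: the helper spotted two randomly named executables in the root of C:, a driver service (xlvb) whose file is no longer on disk, Security Center monitoring switched off, and the Windows Firewall disabled for the standard profile. As an added example (not ComboFix, OTM or anything posted in this thread), the Python below automates that first-pass triage over a constructed excerpt copied from the posted log. The regexes, the "lowercase letters only, six or more" naming heuristic, and the finding categories are my own assumptions about what a reviewer looks for, not part of any tool's output format specification.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not forum code).

It understands three record shapes seen in the log posted above:
  * file/dir entries:  "<created> . <modified> <size> <attrs> <path>"
  * registry dumps:    "[key]" followed by "\"name\"=data" lines
  * service entries:   "R0 name;display;image [info]" where "[?]" means the
                       image file was not found on disk
and reports the conditions a malware-removal helper flags first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt, copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-01-13 23:41 . 2010-01-13 23:41 32768 ----a-w- C:\ioixbmk.exe
2010-01-13 23:41 . 2010-01-13 23:41 136192 ----a-w- C:\tegfcwpf.exe
2009-11-10 00:42 . 2009-11-10 00:42 2020136 ----a-w- C:\SkypeSetup.exe
2010-01-22 08:18 . 2010-01-22 09:18 -------- d-----w- c:\program files\Spyware Doctor
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/22/2010 3:21 AM 130936]
S0 xlvb;xlvb;c:\windows\system32\drivers\zmltupc.sys --> c:\windows\system32\drivers\zmltupc.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # category of the finding
    subject: str  # path, service name or registry key it concerns
    note: str     # one-line explanation for the reviewer


FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<info>[^\]]*)\]$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Assumed heuristic: an .exe directly in the drive root whose stem is nothing
# but lowercase letters (six or more) looks machine-generated, like the two
# droppers in the log. Mixed-case names such as SkypeSetup.exe are not flagged.
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\(?P<stem>[^\\]+)\.exe$", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[a-z]{6,}$")


def _check_file(m: re.Match) -> Finding | None:
    path = m.group("path")
    root = ROOT_EXE_RE.match(path)
    if root and RANDOM_STEM_RE.match(root.group("stem")):
        return Finding("suspicious_root_exe", path,
                       "executable with a random-looking name in the drive root")
    return None


def _check_service(m: re.Match) -> Finding | None:
    # ComboFix prints "[?]" when the service's image file is not on disk;
    # the right-hand side of " --> " is the path it resolved to.
    if m.group("info").strip() == "?":
        resolved = m.group("image").split(" --> ")[-1]
        return Finding("service_missing_binary", m.group("name"),
                       f"service image not found on disk: {resolved}")
    return None


def _check_reg_value(key: str, name: str, data: str) -> Finding | None:
    key_l = key.lower()
    if ("security center\\monitoring" in key_l and name == "DisableMonitoring"
            and data.lower().endswith("00000001")):
        return Finding("security_center_monitoring_disabled", key,
                       "Security Center will not warn if this product is off or stale")
    if ("firewallpolicy" in key_l and name == "EnableFirewall"
            and data.strip().startswith("0")):
        return Finding("firewall_disabled", key,
                       "Windows Firewall is off for this profile")
    return None


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := REG_KEY_RE.match(line)):
            current_key = m.group("key")
            continue
        if (m := REG_VALUE_RE.match(line)) and current_key:
            f = _check_reg_value(current_key, m.group("name"), m.group("data"))
        elif (m := FILE_RE.match(line)):
            f = _check_file(m)
        elif (m := SERVICE_RE.match(line)):
            f = _check_service(m)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:38} {f.subject}  ({f.note})")
```

The findings are leads, not verdicts: a `[?]` service entry can also be a driver for removable media that is simply unplugged (the log's PciCon entry on e: is an example), and the firewall and Security Center settings may have been turned off deliberately by a third-party suite. What the script does is make sure those lines are looked at rather than lost among a thousand legitimate ones.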
  #12  
Old January 24th, 2010, 01:38 AM
dlampl1 dlampl1 is offline
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-01-23 19:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2007-01-23 19:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2007-01-24 00:28

Pre-Run: 172,391,682,048 bytes free
Post-Run: 173,360,685,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 91C26DBF3343F3DEE28BB4642FF0F146
  #13  
Old January 25th, 2010, 12:19 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 45,493
Blog Entries: 1
Got busy, so sorry for the delay. ComboFix brought about some excellent progress there with all that it did. Let's repair more, then check again after.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Download OTM.exe by OldTimer to your desktop.

Then click OTM.exe to run it (Vista users, please right click on OTM.exe and select "Run as an Administrator").

Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C (or right-click and choose Copy):

Code:
:files
c:\windows\system32\ygpss.scr
C:\ioixbmk.exe
C:\tegfcwpf.exe
:commands
[purity]
[emptytemp]
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

-----------

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple of minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.


Post that log, a new RSIT scan log, the OTM log and the Malwarebytes log please.
  #14  
Old January 25th, 2010, 03:44 AM
dlampl1 dlampl1 is offline
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
All processes killed
========== FILES ==========
c:\windows\system32\ygpss.scr moved successfully.
C:\ioixbmk.exe moved successfully.
C:\tegfcwpf.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 110367 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 54824386 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 406898 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 822385 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 18001919 bytes

Total Files Cleaned = 71.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01242010_212954

Files moved on Reboot...

Registry entries deleted on Reboot...


MAN YOU GUYS ARE THE BEST THING ON THE INTERNET!!!!!!!!!!
  #15  
Old January 25th, 2010, 04:10 AM
dlampl1 dlampl1 is offline
New Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Atlanta GA
Posts: 23
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/24/2010 10:10:09 PM
mbam-log-2010-01-24 (22-10-09).txt

Scan type: Quick Scan
Objects scanned: 125453
Time elapsed: 12 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)