Windows-no Disk

[francis]

Hi besttechie

i have a prob with my notebook. i keep getting a pop up msg: windows-no disk exception processing message c0000013 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c. and i cant get rid of it.

also now i have seen that my virus protection detects some trojan and other.

what can i do? i need this sorted out

regards

Francis

[francis]

Hi all

i have had no reply so i did a hijackthis log to speed it up:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:30:02 PM, on 2009/02/18

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\Atheros\ACU.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\PVSW\bin\w3dbsmgr.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Silver Sands Poker\GameClient.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--

End of file - 11211 bytes

i hope this helps...

please reply ASAP

thanks

francis

[francis]

Hello is someone there? pleasse help me this is very important. my anti virus software has been deactivated by some kind if virus

please help me its been 2 days now.

thanks

francis

[rmurphy]

Your hijack this log looks clean. What is the exact message your antivirus is telling you?

Let's see if MBAM detects anything...

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

[francis]

MBAM software does not do the scan.it freezes at a certain point.

there are a couple of things that are not working out.

msg pop up like: mom.exe, windows-no disk exception processing message c0000013 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c.

also my anti virus cant start up it says that it cant start up.

ill do a hijackthis log because this have gone worse in just a couple of days. my flash drive cant even work anymore on my pc.it says that it does not reconise it.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:46:33 PM, on 2009/02/28

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\WINDOWS\ASScrPro.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\PVSW\bin\w3dbsmgr.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster 2009\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Silver Sands Poker\GameClient.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--

End of file - 10975 bytes

regards

francis

[rmurphy]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
   
2. Close any open browsers.
   
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   

   -----------------------------------------------------------

   
   

   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
     
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     

     -----------------------------------------------------------

     
     

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

[*]Double click on combofix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[francis]

Here is my combofix.exe log:

ComboFix 09-02-28.01 - Dialtech 2009-03-01 14:36:06.5 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.511 [GMT 2:00]

Running from: c:\documents and settings\Dialtech\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASC3360PR

-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))

.

2009-02-28 23:51 . 2009-02-28 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7

2009-02-28 08:49 . 2009-02-28 08:49 <DIR> d--hs---- C:\FOUND.002

2009-02-24 17:26 . 2009-02-24 17:27 <DIR> d-------- c:\program files\Uniblue

2009-02-24 17:26 . 2009-02-24 17:26 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{DF9C460B-7712-4CB5-9A47-549AB36ED2C6}

2009-02-24 16:37 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll

2009-02-24 16:37 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll

2009-02-24 16:37 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll

2009-02-24 16:37 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll

2009-02-24 16:37 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll

2009-02-24 16:37 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll

2009-02-24 16:37 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll

2009-02-24 16:37 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll

2009-02-24 16:37 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll

2009-02-24 16:37 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll

2009-02-24 16:37 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll

2009-02-24 16:37 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll

2009-02-11 17:23 . 2009-02-11 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-02-05 14:15 . 2009-02-05 14:15 <DIR> d--hs---- C:\FOUND.001

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-27 06:38 290,912 ----a-w c:\windows\xcopy.bin

2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-16 19:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2009-01-09 05:49 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-08 12:30 --------- d-----w c:\documents and settings\Gail Sham\Application Data\Yahoo!

2009-01-08 11:48 --------- d-----w c:\documents and settings\Gail Sham\Application Data\ATI

2009-01-08 09:23 --------- d-----w c:\program files\Windows Live SkyDrive

2009-01-08 09:23 --------- d-----w c:\program files\Windows Live

2009-01-08 09:23 --------- d-----w c:\program files\Microsoft

2009-01-08 09:11 --------- d-----w c:\program files\Common Files\Windows Live

2008-12-31 15:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll

2008-12-31 15:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe

2008-12-31 15:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll

2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-14 15:28 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2008-12-02 20:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2008-02-25 15:21 190 ----a-w c:\program files\Common Files\psasetup.log

2008-07-21 15:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080722\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 163840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1366824]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 529696]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3960136]

"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster 2009\RegistryBooster.exe" [2008-12-16 2093352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7778304]

"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 303104]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 139264]

"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 123248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 860249]

"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 929792]

"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-03 131072]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 704512]

"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 167936]

"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1114112]

"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-16 184320]

"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-02-24 110960]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-02-24 110960]

"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 454745]

"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 303104]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 214424]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-19 495616]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 648488]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 109424]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 131072]

c:\documents and settings\Gail Sham\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 131072]

c:\documents and settings\Dialtech\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 131072]

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-24 454656]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 131072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\bin\w3dbsmgr.exe [2007-04-15 181840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\PVSW\\bin\\w3dbsmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Lantronix\\DeviceInstaller\\DeviceInstaller.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\RAPIMGR.EXE"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\ABLKSR\\ABLKSR.exe"=

"c:\\Program Files\\Samsung\\Samsung SCX-4x21 Series\\PSU\\FaxRCP.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\ASScrProlog.exe"=

"c:\\WINDOWS\\system32\\ACEngSvr.exe"=

"c:\\Program Files\\Sony\\Sony Picture Utility\\PMBCore\\SPUVolumeWatcher.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=

"c:\\Program Files\\QuickTime\\qttask.exe"=

"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"=

"c:\\Program Files\\Wireless Console 2\\wcourier.exe"=

"c:\\Program Files\\Spyware Doctor\\SDTrayApp.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=

"c:\\Program Files\\ASUS\\ATK Media\\DMEDIA.EXE"=

"c:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe"=

"c:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=

"c:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe"=

"c:\\PROGRA~1\\MICROS~3\\rapimgr.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-02-24 24576]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-02-24 30208]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-02-24 1260672]

R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-02-24 57024]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 dp_usbser;Dupont USB Device for Legacy Serial Communication;c:\windows\system32\drivers\dp_usbser.sys [2008-09-16 101248]

S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2008-03-17 708176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2008-06-26 c:\windows\Tasks\RegCure.job

- c:\documents and settings\Dialtech\Desktop\RegCure\RegCure.exe []

2008-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-01 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-02-24 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.za/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page = \blank.htm

mStart Page = hxxp://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-01 14:41:32

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\ATI2EVXX.EXE

c:\windows\SYSTEM32\ATI2EVXX.EXE

c:\windows\SYSTEM32\ACS.EXE

c:\program files\JAVA\JRE6\BIN\JQS.EXE

c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE

c:\windows\SYSTEM32\IOCTLSVC.EXE

c:\program files\ASUS\NB PROBE\SPM\SPMGR.EXE

c:\windows\SYSTEM32\WGATRAY.EXE

c:\windows\system32\wscntfy.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\windows\SYSTEM32\ACENGSVR.EXE

c:\progra~1\MICROS~3\rapimgr.exe

c:\program files\ATK Hotkey\KBFiltr.exe

c:\program files\ATK Hotkey\WDC.exe

.

**************************************************************************

.

Completion time: 2009-03-01 14:44:37 - machine was rebooted [Dialtech]

ComboFix-quarantined-files.txt 2009-03-01 12:44:36

ComboFix4.txt 2008-07-02 13:28:34

ComboFix3.txt 2008-07-04 06:22:42

ComboFix5.txt 2009-02-28 21:59:44

ComboFix2.txt 2008-07-04 06:24:52

Pre-Run: 18,871,123,968 bytes free

Post-Run: 20,780,384,256 bytes free

219 --- E O F --- 2009-02-25 22:14:34

Here is a new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:54:07 PM, on 2009/03/01

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\PVSW\bin\w3dbsmgr.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\TEMP\winwvjt.exe

C:\WINDOWS\TEMP\jfco.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster 2009\RegistryBooster.exe /S

O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Silver Sands Poker\GameClient.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--

End of file - 10062 bytes

i had to uninstall my anti virus software cause combofix would not scan

regard

francis

[rmurphy]

Try running MBAM again. If it still freezes, try the following.

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  
• An icon will be created on your desktop. Double-click that icon to launch the program.
  
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  
• Under "Configuration and Preferences", click the Preferences button.
  
• Click the Scanning Control tab.
  
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
    
  • Scan for tracking cookies.
    
  • Terminate memory threats before quarantining.
    

  [*]Click the "Close" button to leave the control center screen.

  [*]Back on the main screen, under "Scan for Harmful Software" click Scan your computer.

  [*]On the left, make sure you check C:\Fixed Drive.

  [*]On the right, under "Complete Scan", choose Perform Complete Scan.

  [*]Click "Next" to start the scan. Please be patient while it scans your computer.

  [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".

  [*]Make sure everything has a checkmark next to it and click "Next".

  [*]A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

  [*]If asked if you want to reboot, click "Yes".

  [*]To retrieve the removal information after reboot, launch SUPERAntispyware again.

  • Click Preferences, then click the Statistics/Logs tab.
    
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    
  • Please copy and paste the Scan Log results in your next reply.
    

  [*]Click Close to exit the program.

[francis]

hi there,

sorry man,the superantispyware could not perform the scan.every time i click on the "Scan for harmful software" the software freezes and then window msg comes up "not responding". Also tried mbam but still no luck.

do you think it could be a virus thats blocking these scans?

thank you for helping me.

i look forward to your reply

[rmurphy]

It might be that something is blocking them, can't tell for sure if it is an infection or not.

Let's see what happens if we try them in safe.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Once you've logged into safe mode, try running both MBAM and SUPER (one at a time) according to the instructions previously given. Once they have finished (or failed), reboot and post the logs (or let me know it didn't work).

[francis]

thanks man. you reply quick.i appreciate it

thank you

[francis]

you wont believe it but my pc will not boot into safe mode. i keeps looping me qith the same questions.......

[rmurphy]

hmmm, really wish things would work...

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Close all open windows except for HiJack This and click fix checked.

Reboot your computer.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Also post an Uninstall list...

To obtain an Uninstall list.

• Open HijackThis, click Config, click Misc Tools
  Click "Open Uninstall Manager"
  Click "Save List" (generates uninstall_list.txt)
  

[francis]

Eset log:

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3897 (20090228)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.066 (20070917)

# EOSSerial=8a42996faa9056408eaa7c13984e5f4d

# end=stopped

# remove_checked=true

# unwanted_checked=true

# utc_time=2009-03-01 08:04:37

# local_time=2009-03-01 10:04:37 (+0200, South Africa Standard Time)

# country="South Africa"

# osver=5.1.2600 NT Service Pack 3

# scanned=1882

# found=12

# scan_time=30

C:\_OTMoveIt\MovedFiles\08082008_082430\Documents and Settings\Dialtech\Local Settings\Temp\tem37.tmp.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\_OTMoveIt\MovedFiles\08082008_082430\Documents and Settings\Dialtech\Local Settings\Temp\upd5.tmp.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\_OTMoveIt\MovedFiles\08082008_082430\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers other.mpg WMA/TrojanDownloader.GetCodec.C trojan (unable to clean - deleted) 00000000000000000000000000000000

C:\_OTMoveIt\MovedFiles\08082008_082430\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers.zip Win32/Adware.PlayMP3Z application (deleted) 00000000000000000000000000000000

C:\_OTMoveIt\MovedFiles\08082008_082430\Documents and Settings\Dialtech\My Documents\Music Downloads\faulty towers.zip »ZIP »Setup.exe Win32/Adware.PlayMP3Z application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

C:\_OTMoveIt\MovedFiles\08082008_082430\Documents and Settings\Dialtech\My Documents\Incomplete\T-5745425-faulty towers.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 946084303D6A248419B787F94C813009

C:\Deckard\System Scanner\backup\DOCUME~1\Dialtech\LOCALS~1\Temp\setup_wm.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\Deckard\System Scanner\backup\DOCUME~1\Dialtech\LOCALS~1\Temp\~nsu.tmp\Au_.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\Deckard\System Scanner\backup\DOCUME~1\Dialtech\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\DECCHECK\DECCHECK.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\WINDOWS\ASScrProlog.exe Win32/Sality.NAR virus (cleaned) 00000000000000000000000000000000

C:\WINDOWS\ASScrPro.exe Win32/Sality.NAR virus (cleaned (after the next restart)) 00000000000000000000000000000000

uninstall list log.

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.3

Apple Software Update

ASUS InstantFun

ASUS Live Update

ASUS Splendid Video Enhancement Technology

ASUS Touch Pad Extra

Asus_Camera_ScreenSaver

Atheros Client Installation Program

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI Parental Control & Encoder

ATK Hotkey

ATK Media

ATKOSD2

Bejeweled 2 Deluxe

Choice Guard

Compatibility Pack for the 2007 Office system

DivX Codec

DivX Converter

DivX Player

DivX Web Player

ESET Online Scanner

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Installation_Tool

Java 6 Update 11

Java 6 Update 3

Java 6 Update 7

Java SE Runtime Environment 6

Lantronix DeviceInstaller

LifeFrame2

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft ActiveSync

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Windows XP Video Decoder Checkup Utility

Motorola SM56 Speakerphone Modem

MSN

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

NB Probe

NeoConnect Manager V1.8

Nero 7 Essentials

neroxml

NoAdware v5.0

OfficeServ Manager Launch Pad Uninstall

OGA Notifier 1.7.0105.35.0

OpenOffice.org Installer 1.0

Pastel Xpress 2007

Pervasive System Analyzer

Pervasive.SQL 9.60 Workgroup for Windows

PL-2303 USB-to-Serial

Power4 Gear

QuickTime

Readiris Pro 9

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Samsung Call Manager-Rev 1.8H

Samsung SCX-4x21 Series

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB960715)

Segoe UI

Silver Sands Poker Version

SmarThru 4

SmarThru PC Fax

Sony Picture Utility

Spyware Doctor 5.0

Striata Reader

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

Uniblue RegistryBooster 2009

Uniblue RegistryBooster 2009

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

USB2.0 1.3M WebCam

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix - KB894476

Windows Media Player 11

Windows Media Player 11

Windows XP Service Pack 3

WinFlash

Wireless Console 2

Yahoo! Toolbar

these seemed to work.

thanks

[francis]

hope to hear from you soon.catch you ;ater.

regards

francis

[rmurphy]

Uninstall the following programs:

Java™ 6 Update 3

Java™ 6 Update 7

Java™ SE Runtime Environment

Delete the following folder: C:\_OTMoveIt\

Reboot the computer.

Sality was found, which can be a system killer. However, it doesn't seem to have been too bad of an infection. Let's see if Dr.Web CureIt can find other traces of it.

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, mark the drives that you want to scan.
  
• Select all drives. A red dot shows which drives have been chosen.
  
• Click the green arrow at the right, and the scan will start.
  
• Click 'Yes to all' if it asks if you want to cure/move the file.
  
• When the scan has finished, in the menu, click file and choose save report list
  
• Save the report to your desktop. The report will be called DrWeb.csv
  
• Close Dr.Web Cureit.
  

[francis]

I deleted the java updates and deleted the otmoveit folder in program files

but when i clicked on the link for dr web cureit it closed down internet explorer.i tried this a couple of times. i think there is something blocking these programs?

regards

francis

[rmurphy]

Please check your Private Messages. I have sent you one with instructions.

[francis]

Hi ryan

for some reason i cannot down load my mail and download anything from internet. so i got another pc from a friend and downloaded the dr web,installed it on my pc but freezes when i do a scan.it says that its not responding.

this getting very bad hey i cant do work cause i cant get email.

francis

[rmurphy]

• Download OTListIt2 to your desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    

[francis]

could not do this scan aswel...things are not looking good. i cant even go into "My Computer".

do you think i need to back up and do a complete new installation? or would you get this to work?

francis

[rmurphy]

Without knowing the full extent of the sality infection, it's probably safer (and with the trouble we're having, easier) to just back up your documents (no exe or scr files) and reformat. We probably could get it all to work, it would just take longer, and if we can't get it to, you'll end up reformatting anyways.

Let me know what you want to do.

-Ryan