1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Pen drive showing 0 bytes free used space,system restore disabled

Discussion in 'Malware and Virus Removal Archive' started by shankhangs, 2009/10/30.

  1. 2009/10/30
    shankhangs

    shankhangs Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    1
    Likes Received:
    0
    [Active] Pen drive showing 0 bytes free used space,system restore disabled

    Dear sir,
    I m new member to this forum.My pen drives when inserted show 0 bytes free and used space.Also when i try to open them up a message comes whether I want to format my pen drive or not.When i click yes a message comes that Windows Cannot format the drive F:\ since my removable drive is F.When i try to eject my pen drive a message is displayed which says that the pen dive cannot be ejected because it is being used by window program.
    I have bit defender installed on my computer but it has not detected any virus, spyware.When i tried to restore my system back i observed that system restore has been deactivated by group policy and i don't know How it happened?
    I also installed true sword 5 but still did not detect any virus , spyware etc.
    I m posting logs of DDS

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Shanks at 19:48:48.84 on 30-10-2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6001.1.1252.91.1033.18.3068.1810 [GMT 5.5:30]

    AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\TUProgSt.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Users\Shanks\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\ehome\ehRecvr.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Shanks\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [googletalk] c:\users\shanks\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [fsm]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0 "
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [nxpclient] c:\program files\airtel\netxpert\bin\sprtcmd.exe /P nxpclient
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe "
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe "
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [NWEReboot]
    mRun: [InCD] c:\program files\ahead\incd\InCD.exe
    dRunOnce: [<NO NAME>]
    StartupFolder: c:\users\shanks\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activatemydsl.airtelbroadband.in/AirtelDSL/dslchoice/html/downloads/tgctlcm.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli DPPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\shanks\appdata\roaming\mozilla\firefox\profiles\myrii43n.default\
    FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
    FF - component: c:\program files\mozilla firefox\components\FFComm.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_04e021df\AEstSrv.exe [2008-9-5 73728]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
    R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82696]
    R2 BsUDF;BsUDF;c:\windows\system32\drivers\bsudf.sys [2009-10-23 291545]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-31 361808]
    R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-1-15 202800]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-9 603904]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-28 599344]
    R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2008-9-5 934912]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-11 84240]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
    R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-28 40752]
    S2 .norton2009Reset;Norton 2009 Reset;c:\programdata\norton\Norton2009Reset.exe [2009-3-25 281625]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]

    =============== Created Last 30 ================

    2009-10-29 16:55:09 0 d-----w- c:\program files\True Sword 5
    2009-10-24 19:00:19 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-10-24 19:00:18 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-10-24 19:00:18 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2009-10-24 19:00:17 80896 ----a-w- c:\windows\system32\MSNP.ax
    2009-10-24 19:00:17 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2009-10-24 17:19:07 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-24 17:09:55 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-24 17:09:54 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-23 12:02:53 499768 ----a-r- c:\windows\NuNInst.exe
    2009-10-23 12:02:53 291545 ----a-r- c:\windows\system32\drivers\bsudf.sys
    2009-10-23 12:02:53 26431 ----a-r- c:\windows\NuNInst.cfg
    2009-10-23 12:01:02 254224 ----a-w- c:\windows\system32\drmclien.dll
    2009-10-23 11:43:24 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-23 11:43:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-23 11:42:24 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-07 14:44:25 0 d-----w- C:\xpsp2

    ==================== Find3M ====================

    2009-10-30 13:00:20 127838 ----a-w- c:\programdata\nvModes.dat
    2009-10-29 19:52:25 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-17 18:03:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-10 13:09:32 68688 ----a-w- c:\windows\system32\bda859.tmp
    2009-04-09 18:27:56 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-04-09 18:27:56 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-04-09 18:27:56 143360 ----a-w- c:\windows\inf\infstrng.dat
    2008-07-31 12:26:57 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-05-01 15:08:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-05-01 15:08:33 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-05-01 15:08:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-01-03 13:45:54 22 --sha-w- c:\windows\sminst\HPCD.sys
    2008-07-31 12:25:42 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 19:50:39.64 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft® Windows Vistaâ„¢ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05-09-2008 08:54:25
    System Uptime: 30-10-2009 18:28:04 (1 hours ago)

    Motherboard: Compal | | 30F8
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 2000/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 159.061 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.736 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office system
    800score.com Sample GMAT GRE Math Test
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9
    AGEIA PhysX v6.10.25
    Agere Systems HDA Modem
    Airtel NetXpert 2.0
    AOL Toolbar 5.0
    AVerMedia MCE Encoder x86 3.2.1.84
    BitDefender Total Security 2009
    Broadcom 802.11 Wireless LAN Adapter
    Business Contact Manager for Outlook 2007 SP1
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner (remove only)
    CurveExpert 1.3
    CyberLink DVD Suite
    CyberLink YouCam
    DigitalPersona Personal 3.0.1
    ESU for Microsoft Vista
    Flash Movie Player 1.5
    Foxit Reader
    Free Download Manager 3.0
    Google Talk (remove only)
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology 6.0.1.6203
    HP MiniCard Hybrid TV 1.3.0.48
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.40 D3
    HP QuickTouch 1.00 D2
    HP Total Care Advisor
    HP Update
    HP User Guides 0101
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    IDT Audio
    InCD (ahead software)
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 15
    Java(TM) 6 Update 5
    JMicron JMB38X Flash Media Controller
    K-Lite Mega Codec Pack 1.25
    LabelPrint
    LightScribe System Software 1.12.33.2
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.15)
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 6.1
    My HP Games
    NVIDIA Drivers
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    PSSWCORE
    Rail Simulator
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Software Informer 1.0 BETA
    Touch Pad Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB974810)
    Validity Sensors software
    VideoLAN VLC media player 0.8.6c
    VideoToolkit01
    WinRAR archiver
    WordWeb

    ==== Event Viewer Messages From Past Week ========

    26-10-2009 23:12:25, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
    26-10-2009 21:19:00, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
    26-10-2009 20:03:14, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
    26-10-2009 19:38:57, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
    25-10-2009 19:47:26, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
    25-10-2009 14:27:11, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    25-10-2009 02:58:26, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147943515.
    25-10-2009 00:03:19, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001EECA772D8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    24-10-2009 22:40:12, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
    24-10-2009 22:07:05, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
    24-10-2009 22:05:50, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    24-10-2009 22:05:06, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    24-10-2009 22:04:41, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    24-10-2009 22:04:41, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    24-10-2009 22:04:41, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
    24-10-2009 22:04:41, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.
    24-10-2009 22:04:41, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.
    24-10-2009 22:04:41, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.
    24-10-2009 22:04:41, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    24-10-2009 22:04:41, Error: Service Control Manager [7000] - The WebDav Client Redirector Driver service failed to start due to the following error: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.
    24-10-2009 22:04:41, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.
    24-10-2009 22:04:08, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147943405.
    23-10-2009 15:26:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton 2009 Reset service to connect.
    23-10-2009 15:26:57, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23-10-2009 15:26:57, Error: Service Control Manager [7000] - The Norton 2009 Reset service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  2. 2009/10/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     

  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.