1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Windows keep closing me down

Discussion in 'Malware and Virus Removal Archive' started by blondie, 2010/01/23.

  1. 2010/01/23
    blondie

    blondie Inactive Thread Starter

    Joined:
    2010/01/23
    Messages:
    5
    Likes Received:
    0
    [Inactive] Windows keep closing me down

    Hi I am new here, not v computer literate and in need of help please?
    I had a nasty Trojan last week, got rid of it and ever since my computer keeps getting closed down with the message:

    OCOM service process launcher has terminated unexpecedtly and you will be closed down in x minutes.......

    then when I restart I get the message:
    to protect your computer Windows has closed this program -
    Name: Generic Host Process for Win32 Services (it was a Win32-something or other that was the name of the Trojan that was recently removed by the way).

    Then I am also getting this mesg sporadically -
    PS2.exe has encountered a problem and need to close.

    I am going nuts here as my computer is being closed down about every half an hour and I am trying to build a website (with great difficulty being a beginner) and would really appreciate some help to get things running smoothly again.
    Many thanks in advance for any advice.

    Mo
     
    blondie,
    #1
  2. 2010/01/23
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Mo

    A reminder from my post in your other thread :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2010/01/23
    blondie

    blondie Inactive Thread Starter

    Joined:
    2010/01/23
    Messages:
    5
    Likes Received:
    0
    Windows keep closing me down..... p.s.

    I don't know how to zip and attach the required logs to go with this earlier post......
    Can anyone help me pse? Mo
     
    blondie,
    #3
  5. 2010/01/23
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Mo,

    No need to zip and attach...

    When DDS.TXT and ATTACH.TXT open in notepad, copy the log (Edit->Select All then Edit->Copy) and paste in your response to this thread (Edit -> Paste).

    You may be better posting twice, 1st with DDS.TXT then with ATTACH.TXT
     
    wildfire,
    #4
  6. 2010/01/23
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Unless you are a Contributing Member you cannot post attachments, but we require a copy of the logs to be posted here in your thread, not attached or zipped.

    Open each log (DDS & Attach.txt) in turn > Select All > Copy and Paste into your next post here in this thread.
     
    PeteC,
    #5
  7. 2010/01/23
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Wildfire is clearly not watching the footy this afternoon :D He posted seconds before me!
     
    PeteC,
    #6
  8. 2010/01/23
    blondie

    blondie Inactive Thread Starter

    Joined:
    2010/01/23
    Messages:
    5
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/10/2004 14:44:42
    System Uptime: 23/01/2010 15:10:24 (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | Diablo
    Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 754 | 1995/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 108 GiB total, 59.944 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 0.332 GiB free.
    E: is CDROM ()
    G: is Removable
    L: is Removable
    M: is Removable
    N: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    Acrobat.com
    ACS PC Atlas
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Aerosmith World
    Amazon MP3 Downloader 1.0.4
    AOL Coach Version 1.0(Build:20040229.1 uk)
    AOL Registration
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Audio Converter
    AutoUpdate
    BitTorrent
    Bonjour
    CA Yahoo! Anti-Spy (remove only)
    Compatibility Pack for the 2007 Office system
    Convert
    Critical Update for Windows Media Player 11 (KB959772)
    DNA
    eBay Toolbar
    Express Burn Uninstall
    Express Rip Uninstall
    GdiplusUpgrade
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Image Zone Plus 3.5
    HpSdpAppCoreApp
    IncrediMail Xe
    InterVideo WinDVD Player
    iTunes
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Learn2 Player (Uninstall Only)
    Lexmark 1200 Series
    LightScribe 1.4.136.1
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    MB Free Tarot Software
    Media Audio Capture
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Baseline Security Analyzer 2.0.1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Picture It! Photo Standard 9
    Microsoft Protection Service
    Microsoft Reader
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Word 2002
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mirar
    MobileMe Control Panel
    Mozilla Firefox (3.0.5)
    MSN Search Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Card Reader
    NavigationProgram
    Nero 7 Essentials
    NVIDIA Drivers
    NVIDIA Ethernet Driver
    NVIDIA GART Driver
    Nvu 1.0PR
    OpenMG Limited Patch 4.1-05-14-24-01
    OpenMG Secure Module 4.1.00
    overland
    PC-Doctor for Windows
    Personal Notepad v2.1.25
    Personal Reminder v2.0.32
    Photosmart 140,240,7200,7600,7700,7900 Series
    Power CD+G Burner
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    QuarkXPress 5.01
    QuickTime
    RealPlayer Basic
    Schmap 2.0 Beta
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Smart Audio Converter
    Solar Fire v5
    Sonic Update Manager
    Spybot - Search & Destroy 1.4
    SUPERAntiSpyware Free Edition
    Sweet Home 3D
    Switch Uninstall
    Temperature Converter
    Trend Micro Anti-Spyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VersionTracker Pro Windows
    Viewpoint Media Player
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! BrowserPlus
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    20/01/2010 20:54:07, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the file specified.
    20/01/2010 20:51:07, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    20/01/2010 20:51:07, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    20/01/2010 20:20:22, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    20/01/2010 20:20:22, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    19/01/2010 19:07:46, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    19/01/2010 18:47:56, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:16:56, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
    19/01/2010 16:12:21, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:21, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:21, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:21, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:08, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:08, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:08, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    19/01/2010 16:12:08, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    19/01/2010 16:12:08, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
    blondie,
    #7
  9. 2010/01/23
    blondie

    blondie Inactive Thread Starter

    Joined:
    2010/01/23
    Messages:
    5
    Likes Received:
    0
    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Owner at 15:30:41.03 on 23/01/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.125 [GMT 0:00]


    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\1132914884\ee\AOLSoftware.exe
    C:\hp\drivers\keyboard\PS2.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZU&fl=0&ptb=RJSft2BOcIrpIOCVS5pS6A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
    BHO: {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - No File
    BHO: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - No File
    BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
    BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    TB: {9167da98-6f9b-46f1-991d-826cae46cab6} - No File
    TB: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {C4B1D3DA-5AA3-45D0-8494-3CA84F670A96} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [IncrediMail] c:\progra~1\incred~1\bin\IncMail.exe /c
    uRun: [Weather] c:\progra~1\aws\weathe~1\Weather.EXE 1
    uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
    uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [HostManager] c:\program files\common files\aol\1132914884\ee\AOLSoftware.exe
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [PS2] c:\hp\drivers\keyboard\PS2.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    dRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: &Search
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: internet
    Trusted Zone: limewire.com\www
    Trusted Zone: mcafee.com
    Trusted Zone: medscape.com\www
    Trusted Zone: myGenerics.com\www
    Trusted Zone: nutricentre.co.uk\www
    Trusted Zone: nutricentre.com\www
    Trusted Zone: tarot.com\www
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: YExplorer1_8US.CAB - hxxp://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://www.rawflow.com/passion/Rawflow.cab
    DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - hxxps://www.plaxo.com/down/latest/PlaxoInstall.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} - hxxp://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.crownbar.com/LNetCam.cab
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {7D40ADF2-AD68-4959-ACEC-DA96BF5E6EB7} - hxxp://spywareremover.spybouncer.com/downloader.ocx
    DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - hxxp://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
    DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxps://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} - hxxp://esupport.aolsvc.aol.co.uk/uk/engine/aolcinst_uk_uk.cab
    DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
    Handler: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - c:\program files\schmap\schmap player\schmapdoclib.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\e0bhsqgu.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\e0bhsqgu.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============

    R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2007-1-5 30592]
    R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2007-1-5 51072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

    ============== File Associations ===============

    txtfile=c:\editpadclassic\EditPad.exe "%1 "

    =============== Created Last 30 ================

    2010-01-21 14:30:47 20348 ----a-w- c:\windows\system32\drivers\pcdrsrvc.sys
    2010-01-21 14:30:45 0 d-----w- c:\program files\PC-Doctor for Windows
    2010-01-21 14:27:55 827392 ----a-w- c:\windows\system32\FLASH.OCX
    2010-01-21 14:27:55 0 d-sh--w- c:\windows\ftpcache
    2010-01-19 19:06:04 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
    2010-01-19 19:04:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-01-15 19:10:24 0 ----a-w- c:\windows\system32\11478.exe
    2010-01-15 18:50:19 0 ----a-w- c:\windows\system32\15724.exe
    2010-01-15 17:30:16 0 ----a-w- c:\windows\system32\18467.exe
    2010-01-15 16:46:35 0 ----a-w- c:\windows\system32\19169.exe
    2010-01-15 16:26:32 0 ----a-w- c:\windows\system32\26500.exe
    2010-01-15 16:06:30 0 ----a-w- c:\windows\system32\6334.exe
    2010-01-15 15:25:50 0 d-----w- C:\spoolerlogs
    2010-01-15 15:03:30 172032 ----a-w- c:\windows\aguritadumo.dll
    2009-12-27 21:28:50 0 d-----w- c:\program files\CA Yahoo! Anti-Spy
    2009-12-26 12:09:42 0 d-----w- c:\program files\Conduit
    2009-12-26 12:09:36 0 d-----w- c:\program files\Power_Karaoke
    2009-12-26 12:09:20 0 d-----w- c:\program files\common files\cdrdao
    2009-12-26 12:09:18 0 d-----w- c:\program files\Doblon
    2009-12-26 11:19:56 1047552 ----a-w- c:\windows\system32\MFC71U.DLL

    ==================== Find3M ====================

    2010-01-20 16:43:52 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-01-07 16:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2007-12-02 13:35:16 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2006-11-30 21:00:32 2076 -c--a-w- c:\program files\uninstal.log
    2006-10-29 11:42:16 2080833 -c--a-w- c:\program files\Kasamba.exe
    2006-10-26 09:59:13 248 -c--a-w- c:\program files\Kasamba Help.url
    2006-09-05 19:16:33 995383 -c--a-w- c:\program files\MFC42.DLL
    2006-09-05 19:16:33 9274 -c--a-w- c:\program files\closed.wav
    2006-09-05 19:16:33 8074 -c--a-w- c:\program files\click.wav
    2006-09-05 19:16:33 55776 -c--a-w- c:\program files\message.wav
    2006-09-05 19:16:33 33119 -c--a-w- c:\program files\Message_PB.wav
    2006-09-05 19:16:33 22094 -c--a-w- c:\program files\Message_clnt.wav
    2006-09-05 19:16:33 15408 -c--a-w- c:\program files\hired.wav
    2006-09-05 19:16:33 10026 -c--a-w- c:\program files\ringin.wav
    2006-09-05 19:16:32 49152 -c--a-w- c:\program files\kupdater.exe
    2006-09-05 19:16:32 24576 -c--a-w- c:\program files\EcsHook.dll
    2005-02-10 11:39:36 479 -c--a-w- c:\program files\Shortcut to AOL 9.0.lnk
    2004-07-06 15:19:59 4 -c--a-w- c:\program files\attributes.cfg
    2004-09-18 18:54:49 56 -csha-r- c:\windows\system32\F9BCA12814.sys
    2004-09-18 18:54:49 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys
    2008-08-13 14:30:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081320080814\index.dat

    ============= FINISH: 15:32:42.31 ===============
     
    blondie,
    #8
  10. 2010/01/23
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software ( Azures, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them,

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
    Admin.,
    #9
  11. 2010/01/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
    broni,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...