
Inactive [InActive] Task Administrator removal and follow up

Discussion in 'Malware and Virus Removal Archive' started by trayfield27, 2009/04/29.

  1. 2009/04/29
    trayfield27 Inactive Thread Starter
    Requested files attached here
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/4/2006 9:47:44 PM
    System Uptime: 4/28/2009 10:44:54 PM (2 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2N-MX SE Plus
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | AM2 | 2611/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | AM2 | 2611/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 114 GiB total, 16.904 GiB free.
    D: is CDROM ()
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    32 Bit HP CIO Components Installer
    AC3File (remove only)
    AC3Filter (remove only)
    Adobe Acrobat 6.0 Professional
    Adobe ConnectNow
    Adobe Creative Suite
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe SVG Viewer 3.0
    AIO_Scan
    AMD Processor Driver
    BlackBerry Desktop Software 4.2.2
    BufferChm
    C4200
    c4200_Help
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Copy
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Cypress USB Mass Storage Driver Installation
    Desktop Doctor
    Destinations
    DeviceManagementQFolder
    Digsby
    DocProc
    DocProcQFolder
    DriveCleaner Free 1.0.82.1
    eSupportQFolder
    Handbrake 0.9.2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 8.0
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart All-In-One Software 8.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential
    HP Product Assistant
    HP Smart Web Printing 1.0
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    HPSSupply
    IEEE 802.11g Wireless Cardbus/PCI Adapter
    Intelinet 3.1.0
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_02
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.75
    MarketResearch
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Premium
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 1 (SP1)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Standard 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.9)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    My.Freeze.com Toolbar
    Napster
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    QUAD Registry Cleaner v.1.5.69
    QuickTime
    Realtek AC'97 Audio
    Realtek High Definition Audio Driver
    Roxio Burn Engine
    Roxio Easy Media Creator 7
    Roxio Media Manager
    Scan
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Visio 2007 (KB957831)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB963027)
    SI3114
    SolutionCenter
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Office 2007 (KB946691)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911164)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Storage Adapter FX (SM1)
    USS_USSPlugin 1.0.124.3
    Vuze
    Vuze Toolbar
    WebFldrs XP
    WebReg
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Xvid 1.1.3 final uninstall
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    4/28/2009 11:58:58 PM, error: Service Control Manager [7028] - The win32x Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    4/28/2009 10:46:54 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 02040004, parameter4 89f04400.





    DDS (Ver_09-03-16.01) - NTFSx86
    Run by TrayC at 23:59:34.25 on Tue 04/28/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1919.975 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\wudfhost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\USS\USS.exe
    C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DriveCleaner Free\UDC.exe
    C:\Program Files\Common Files\DriveCleaner Free\DNSE.exe
    C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\windows\ld08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digsby\lib\digsby-app.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\USS\{5F608915-125D-404d-AC44-D78C760AE1A3}\wasffNT.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Silicon Image\SI3114\SiITray.exe
    C:\WINDOWS\System32\dll32.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\TrayC\Desktop\SetupAntivirusXP.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
    C:\WINDOWS\system32\ntdll64.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Intelinet\Intelinet.exe
    C:\WINDOWS\system32\ntdll64.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\TrayC\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uWindow Title = Windows Internet Explorer provided by Comcast
    mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyServer = http=localhost:7171
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: {6205e7f4-242f-4c05-85b0-e2515b359eca} - c:\windows\system32\hugopora.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
    BHO: 796525 Class: {e7f15ac4-e0a9-43f0-921b-70dfea621220} - c:\windows\system32\796525\796525.dll
    BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
    uRun: [dll32] dll32
    uRun: [AntivirusXP.exe] c:\program files\antivirusxp\AntivirusXP.exe
    uRun: [QUAD Windows service] c:\program files\quad utilities\quad registry cleaner\QUAD Registry Cleaner.exe -h
    uRun: [QUAD Scheduler] c:\program files\quad utilities\quad registry cleaner\QUAD Scheduler.exe
    uRun: [Intelinet] c:\program files\intelinet\Intelinet.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [USS] "c:\program files\uss\USS.exe "
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_02\bin\jusched.exe
    mRun: [SM1BG] c:\windows\SM1BG.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe "
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [MRT] "c:\windows\system32\MRT.exe" /R
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [DriveCleaner Free] "c:\program files\drivecleaner free\UDC.exe" /min
    mRun: [DNSE] "c:\program files\common files\drivecleaner free\DNSE.exe" -c
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [dcsm] "c:\program files\common files\drivecleaner free\dcsm.exe "
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [bumuluyibu] Rundll32.exe "c:\windows\system32\poninafi.dll ",s
    mRun: [Framework Windows] frmwrk32.exe
    mRun: [sysLDtray] c:\windows\ld08.exe
    mRun: [38399855] rundll32.exe "c:\windows\system32\beriwedu.dll ",b
    StartupFolder: c:\docume~1\trayc\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\javasa~1.lnk - c:\program files\silicon image\si3114\run.bat
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe
    uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\docume~1\trayc\locals~1\temp\ntdll64.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    AppInit_DLLs: c:\windows\system32\neruteya.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli c:\windows\system32\neruteya.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\trayc\applic~1\mozilla\firefox\profiles\7flew4zf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 7171
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPJava11.dll
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPJava12.dll
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPJava13.dll
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPJava14.dll
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPJava32.dll
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPJPI142_02.dll
    FF - plugin: c:\program files\java\j2re1.4.2_02\bin\NPOJI610.dll

    ============= SERVICES / DRIVERS ===============

    R0 wasfsd;wasfsd;c:\windows\system32\drivers\wasfsd.sys [2008-6-7 11776]
    R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
    R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-2-18 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-18 234888]
    RUnknown win32x;win32x; [x]

    =============== Created Last 30 ================

    2009-04-28 23:59 <DIR> --d-h--- c:\windows\PIF
    2009-04-28 23:39 <DIR> --d----- c:\program files\Intelinet
    2009-04-28 23:21 <DIR> --d----- c:\docume~1\trayc\applic~1\QUAD Backups
    2009-04-28 23:21 <DIR> --d----- c:\program files\QUAD Utilities
    2009-04-28 23:17 104,960 a------- c:\windows\system32\ntdll64.exe
    2009-04-28 22:52 <DIR> --d----- c:\program files\AntivirusXP
    2009-04-28 22:47 2 ----h--- c:\windows\t55ft2692f44.dat
    2009-04-28 22:47 15,360 a------- c:\windows\system32\dll32.exe
    2009-04-28 22:47 <DIR> --d----- c:\windows\system32\796525
    2009-04-28 22:47 1,400 a------- c:\windows\system32\ahtn.htm
    2009-04-28 22:47 4,785 a------- c:\windows\system32\warning.gif
    2009-04-28 22:47 445 a------- c:\windows\system32\win32hlp.cnf
    2009-04-28 18:24 1,407,011 ---sh--- c:\windows\system32\udewireb.ini
    2009-04-28 18:24 1 a------- c:\windows\system32\uniq.tll
    2009-04-28 18:24 28,672 a------- c:\windows\system32\frmwrk32.exe
    2009-04-28 18:24 13,824 ----h--- c:\windows\ld08.exe
    2009-04-22 16:43 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-04-22 16:42 <DIR> --d----- c:\windows\system32\LogFiles
    2009-04-22 16:39 421,888 a------- c:\windows\system32\ac3filter.acm
    2009-04-22 16:39 <DIR> --d----- c:\program files\AC3Filter
    2009-04-22 16:35 <DIR> --d----- c:\program files\AC3File
    2009-04-22 16:31 765,952 a------- c:\windows\system32\xvidcore.dll
    2009-04-22 16:31 180,224 a------- c:\windows\system32\xvidvfw.dll
    2009-04-22 16:31 77,824 a------- c:\windows\system32\xvid.ax
    2009-04-22 16:31 <DIR> --d----- c:\program files\Xvid
    2009-04-19 23:11 54,156 a---h--- c:\windows\QTFont.qfn
    2009-04-19 23:11 1,409 a------- c:\windows\QTFont.for
    2009-04-15 00:39 35,328 ac------ c:\windows\system32\dllcache\sc.exe
    2009-04-15 00:39 35,328 a------- c:\windows\system32\sc.exe

    ==================== Find3M ====================

    2009-04-28 18:24 99,840 a--sh--- c:\windows\system32\beriwedu.dll
    2009-04-28 18:24 106,496 a--sh--- c:\windows\system32\kedulode.dll
    2009-04-28 18:24 58,880 a--sh--- c:\windows\system32\yihebure.exe
    2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
    2009-02-20 01:30 659,456 a------- c:\windows\system32\wininet.dll
    2009-02-20 01:30 81,920 a------- c:\windows\system32\ieencode.dll
    2009-02-09 03:20 723,456 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 03:20 399,360 a------- c:\windows\system32\rpcss.dll
    2009-02-09 03:20 554,496 a----r-- c:\windows\system32\twex.exe
    2009-02-09 03:20 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 03:20 616,960 a------- c:\windows\system32\advapi32.dll
    2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2009-02-06 10:22 2,136,064 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:14 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 09:49 2,015,744 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-03 13:08 55,808 a------- c:\windows\system32\secur32.dll
    2003-08-27 15:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll


    Thanks for your help and input on next steps!!
     
  2. 2009/05/08
    Juliet Well-Known Member
    Hi and welcome


    What antivirus are you using on this computer?


    Enter the Windows Control Panel and double-click on Add/Remove Programs.
    Double-click on the entry for
    DriveCleaner
    and
    My.Freeze.com Toolbar
    if they exist and allow the uninstall program to finish. Then exit the Add/Remove Programs screen and the Control Panel.






    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
