Active Symptom: Lost ability to provide a password on the login screen

Discussion in 'Malware and Virus Removal Archive' started by InSeattle, 2009/07/24.

  1. 2009/07/24
    InSeattle


    Windows XP/SP3
    Security SW: ZoneAlarm Pro, NAV 2009

    I lost the ability to enter a password on my login screen a couple of days ago. Using Safe Mode, I encountered the same issues. Through the help of this forum, I was able to log in by doing 2 Ctrl-Alt-Del's and have left the cpr running ever since. Looking to check to see if this behavior might have been caused by malware or just an "update gone wild".

    Thanks in advance!

    DDS.TXT


    DDS (Ver_09-06-26.01) - NTFSx86
    Run at 8:29:51.59 on Fri 07/24/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1187 [GMT -7:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    c:\xampp\apache\bin\apache.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\xampp\apache\bin\apache.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\MXOALDR.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\xampp\mysql\bin\winmysqladmin.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\mmc.exe
    C:\Documents and Settings\Lori Pearsall\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=11522
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
    BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SyncfusionUpdateNotifier] c:\program files\syncfusion\essential suite\2.1.0.9\updatenotifier.exe
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
    mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\loripe~1\startm~1\programs\startup\winmys~1.lnk - c:\xampp\mysql\bin\winmysqladmin.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: localhost
    Trusted Zone: verizon.net\webmail
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.co.jefferson.wa.us/imw32o40.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109973883921
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182706019265
    DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://amazon.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://jameschristensenart.spaces.live.com/PhotoUpload/MsnPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218924949962&h=aa1aac1c0e425c3b6aab8b2133a63a19/&filename=jinstall-6u7-windows-i586-jc.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://142.22.58.150/activex/AxisCamControl.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - hxxp://moneycentral.msn.com/cabs/pmupdate2.exe
    DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.co.jefferson.wa.us/PrntPRO2.cab
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
    Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
    Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-20 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-20 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-20 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSXpx86.sys [2009-7-18 276344]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2006-11-19 8576]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-3-5 353672]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-9 24636]
    R2 MSSEARCH;Microsoft Search;c:\program files\common files\system\mssearch\bin\mssearch.exe [2005-3-4 69632]
    R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-20 115560]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-3-5 2944]
    R3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2005-3-5 3168]
    R3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BRPARWDM.SYS [2005-3-4 39552]
    R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-3-5 60416]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090723.066\NAVENG.SYS [2009-7-24 87888]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090723.066\NAVEX15.SYS [2009-7-24 875728]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-3-5 15576]

    =============== Created Last 30 ================

    2009-07-03 09:44 <DIR> --d----- C:\Save
    2009-06-28 09:50 <DIR> --d----- c:\program files\Collage Maker3

    ==================== Find3M ====================

    2009-07-24 07:59 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
    2009-05-21 11:46 268,288 -------- c:\windows\system32\dllcache\httpext.dll
    2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
    2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
    2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
    2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
    2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
    2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
    2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
    2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
    2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
    2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-08-16 11:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081620080817\index.dat

    ============= FINISH: 8:30:24.26 ===============

    ATTACH.TXT


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/4/2005 12:45:19 PM
    System Uptime: 7/22/2009 5:57:06 PM (39 hours ago)

    Motherboard: Dell Inc. | | 0U7077
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 230 GiB total, 172.701 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 234 GiB total, 187.042 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1417: 4/26/2009 2:24:39 PM - System Checkpoint
    RP1418: 4/27/2009 9:16:02 PM - System Checkpoint
    RP1419: 4/28/2009 9:31:00 PM - System Checkpoint
    RP1420: 4/29/2009 9:34:25 PM - System Checkpoint
    RP1421: 4/30/2009 9:47:57 PM - System Checkpoint
    RP1422: 5/3/2009 9:34:01 PM - System Checkpoint
    RP1423: 5/4/2009 10:12:28 PM - System Checkpoint
    RP1424: 5/5/2009 10:56:53 PM - System Checkpoint
    RP1425: 5/7/2009 9:13:04 AM - System Checkpoint
    RP1426: 5/8/2009 10:05:11 AM - System Checkpoint
    RP1427: 5/9/2009 10:39:53 AM - System Checkpoint
    RP1428: 5/10/2009 12:44:19 PM - System Checkpoint
    RP1429: 5/11/2009 7:24:42 PM - System Checkpoint
    RP1430: 5/12/2009 8:18:44 PM - System Checkpoint
    RP1431: 5/13/2009 9:19:13 PM - System Checkpoint
    RP1432: 5/14/2009 9:27:15 PM - System Checkpoint
    RP1433: 5/15/2009 10:16:57 PM - System Checkpoint
    RP1434: 5/16/2009 10:35:07 PM - System Checkpoint
    RP1435: 5/17/2009 10:51:18 PM - System Checkpoint
    RP1436: 5/19/2009 9:37:08 PM - System Checkpoint
    RP1437: 5/20/2009 10:35:27 PM - System Checkpoint
    RP1438: 5/22/2009 10:14:49 AM - System Checkpoint
    RP1439: 5/23/2009 8:20:51 PM - System Checkpoint
    RP1440: 5/24/2009 9:30:09 PM - System Checkpoint
    RP1441: 5/25/2009 10:12:07 PM - System Checkpoint
    RP1442: 5/26/2009 10:43:37 PM - System Checkpoint
    RP1443: 5/28/2009 8:49:52 AM - System Checkpoint
    RP1444: 5/29/2009 6:36:05 PM - System Checkpoint
    RP1445: 5/30/2009 6:47:22 PM - System Checkpoint
    RP1446: 5/31/2009 7:36:53 PM - System Checkpoint
    RP1447: 6/1/2009 10:18:43 PM - System Checkpoint
    RP1448: 6/2/2009 11:29:58 PM - System Checkpoint
    RP1449: 6/3/2009 11:31:23 PM - System Checkpoint
    RP1450: 6/5/2009 12:06:38 AM - System Checkpoint
    RP1451: 6/6/2009 2:11:50 PM - System Checkpoint
    RP1452: 6/7/2009 2:45:02 PM - System Checkpoint
    RP1453: 6/8/2009 7:04:39 PM - System Checkpoint
    RP1454: 6/9/2009 11:36:38 PM - System Checkpoint
    RP1455: 6/10/2009 11:42:35 PM - System Checkpoint
    RP1456: 6/11/2009 11:26:10 PM - Software Distribution Service 3.0
    RP1457: 6/13/2009 12:12:46 AM - System Checkpoint
    RP1458: 6/15/2009 9:35:06 PM - System Checkpoint
    RP1459: 6/16/2009 10:24:53 PM - System Checkpoint
    RP1460: 6/17/2009 11:10:24 PM - System Checkpoint
    RP1461: 6/19/2009 12:38:05 PM - System Checkpoint
    RP1462: 6/20/2009 1:04:05 PM - System Checkpoint
    RP1463: 6/21/2009 6:00:09 PM - System Checkpoint
    RP1464: 6/22/2009 8:41:12 PM - System Checkpoint
    RP1465: 6/23/2009 8:44:30 PM - System Checkpoint
    RP1466: 6/24/2009 9:34:23 PM - System Checkpoint
    RP1467: 6/25/2009 10:12:19 PM - System Checkpoint
    RP1468: 6/26/2009 10:35:53 PM - System Checkpoint
    RP1469: 6/28/2009 9:49:58 AM - Installed Collage Maker
    RP1470: 6/30/2009 8:56:31 AM - System Checkpoint
    RP1471: 7/1/2009 8:35:44 PM - System Checkpoint
    RP1472: 7/2/2009 8:52:26 PM - System Checkpoint
    RP1473: 7/3/2009 9:25:36 PM - System Checkpoint
    RP1474: 7/4/2009 9:32:25 PM - System Checkpoint
    RP1475: 7/5/2009 9:53:44 PM - System Checkpoint
    RP1476: 7/6/2009 10:09:38 PM - System Checkpoint
    RP1477: 7/7/2009 10:26:43 PM - System Checkpoint
    RP1478: 7/8/2009 10:30:09 PM - System Checkpoint
    RP1479: 7/10/2009 9:58:21 AM - System Checkpoint
    RP1480: 7/11/2009 2:00:27 PM - System Checkpoint
    RP1481: 7/12/2009 4:19:19 PM - System Checkpoint
    RP1482: 7/13/2009 8:09:46 PM - System Checkpoint
    RP1483: 7/14/2009 9:08:36 PM - System Checkpoint
    RP1484: 7/15/2009 9:14:35 PM - System Checkpoint
    RP1485: 7/16/2009 9:20:09 PM - System Checkpoint
    RP1486: 7/18/2009 8:43:59 AM - System Checkpoint
    RP1487: 7/19/2009 10:34:10 AM - System Checkpoint
    RP1488: 7/19/2009 11:06:26 PM - Software Distribution Service 3.0
    RP1489: 7/20/2009 11:26:10 PM - System Checkpoint
    RP1490: 7/22/2009 7:21:50 PM - System Checkpoint
    RP1491: 7/23/2009 8:13:59 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Web Premium
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Software Update
    ArcSoft Camera Suite
    ArtIcons Pro
    Bejeweled 2 for Pocket PC
    Beyond Compare Version 3.1.3
    Broadcom Advanced Control Suite 2
    Canon Digital Camera USB WIA Driver
    Canon PhotoRecord
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RAW Image Converter
    Canon Utilities RemoteCapture 2.1
    Canon Utilities ZoomBrowser EX
    Collage Maker
    Compare It!
    Compatibility Pack for the 2007 Office system
    Connect
    Creative MediaSource
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Media Experience Update
    Dell Networking Guide
    Dell Picture Studio v3.0
    Dell Support 5.0.0 (766)
    Dell System Restore
    Garmin City Navigator North America NT 2009 Update
    Garmin City Navigator North America NT v8
    Garmin MapSource
    Garmin POI Loader
    Garmin WebUpdater
    Glyph (remove only)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB952287)
    InstallShield for Microsoft Visual C++ 6
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    IntelliMover
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 7
    JoomlaPack Native Tools 2009.1 (Special Edition)
    jZip
    KODAK EASYSHARE Gallery Upload ActiveX Control
    kuler
    Learn2 Player (Uninstall Only)
    Logitech MouseWare 9.79.1
    Maxtor OneTouch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft ActiveSync
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Suite 2006
    Microsoft Digital Image Suite 2006 Editor
    Microsoft Digital Image Suite 2006 Library
    Microsoft FrontPage Client - English
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Meeting 2005
    Microsoft Office Professional Edition 2003
    Microsoft Office Sounds
    Microsoft Office Word 2003 XML SDK
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft SQL Server 2000
    Microsoft SQL Server 2000 Analysis Services
    Microsoft Tablet PC Platform SDK Version 1.5
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visio for Enterprise Architects SR-1 [English]
    Microsoft Visual C++ .NET Step by Step--Version 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual Studio .NET Enterprise Architect 2003 - English
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft Voice Command US PPC 1.60 for M2M
    Microsoft Web Publishing Wizard 1.53
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.9)
    MSDE 2000 Deployment Toolkit 1.0
    MSDN Library - Visual Studio 6.0
    MSDN Library for Visual Studio .NET 2003
    MSN Money Investment Toolbox
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Musicmatch MCE
    Musicmatch® Jukebox
    My Way Search Assistant
    MySQL Tools for 5.0
    NVIDIA Drivers
    OLYMPUS Master 2
    OLYMPUS muvee theaterPack
    PDF Settings CS4
    Photo Click
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PowerDVD 5.3
    QFolder
    Qualxserve Service Agreement
    QuickTime
    RealPlayer
    Retrospect 6.0
    Rhapsody
    Rhapsody Player Engine
    Rights Management Add-on for Internet Explorer
    RiverSoft Sam (02.000.0137)
    Sandlot Games Client Services 1.2.2
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live! 24-bit
    Spb Bubbles
    Spb Pocket Plus
    Sprite Backup
    Spybot - Search & Destroy 1.4
    StumbleUpon IE Toolbar
    Suite Shared Configuration CS4
    Syncfusion Essential Suite 2.1.0.9
    Synchronize It! 2.82
    System Requirements Lab
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Storage Adapter FX (MXO)
    User Profile Hive Cleanup Service
    VC 9.0 Runtime
    Verizon Online Help and Support
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    Visual Studio .NET Enterprise Architect 2003 - English
    Visual Studio.NET Baseline - English
    Web Photo Manager
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 9 Series SDK
    Windows Mobile® Device Handbook
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinZip
    XAMPP 1.7.0
    XShow v4.0
    Yahoo! Music Jukebox
    ZoneAlarm Pro

    ==== Event Viewer Messages From Past Week ========

    7/22/2009 8:04:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip vsdatant
    7/22/2009 8:04:22 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2009 8:04:22 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2009 8:04:22 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2009 8:04:22 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2009 8:04:22 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2009 8:04:22 AM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2009 7:55:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm SRTSPX SYMTDI
    7/22/2009 7:55:52 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    7/22/2009 7:55:52 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2009 6:58:23 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} to the user DELLSERVER\Barbara SID (S-1-5-21-2306996961-38575474-1034521760-1020). This security permission can be modified using the Component Services administrative tool.
    7/20/2009 6:57:25 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user DELLSERVER\Barbara SID (S-1-5-21-2306996961-38575474-1034521760-1020). This security permission can be modified using the Component Services administrative tool.
    7/18/2009 7:48:21 AM, error: Service Control Manager [7031] - The Norton AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/18/2009 7:47:08 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  2. 2009/07/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
