TechSpot

Computer Freezing Constantly

By kel1987
Oct 20, 2010
  1. Hi I have been having a problem with my computer for about 4 days now. Everything freezes on it, even notepad. It all happened when my brother downloaded a program which I have since uninstalled but it is still acting up. I can't remember the name of the program. Also my internet won't load properly, but other computers have been tested on the same connection and it works fine.

    Also I have tried to run GMER and DDS and each time it says I don't have the appropriate permissions to access the file, but I am the administrator on the computer with no other names on it. I got Malwarebytes to work but that's about it.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4895

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    10/20/2010 7:14:31 PM
    mbam-log-2010-10-20 (19-14-31).txt

    Scan type: Quick scan
    Objects scanned: 139222
    Time elapsed: 1 hour(s), 52 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. kel1987

    kel1987 TS Rookie Topic Starter Posts: 75

    Ok I managed to get GMER and DDS to work in safe mode.


    DDS (Ver_10-10-10.03) - NTFSx86 NETWORK
    Run by Jessica at 20:46:05.51 on Wed 10/20/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.631 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Jessica\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.orbitdownloader.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\tlvu53p1.kellie\
    FF - prefs.js: browser.startup.homepage - facebook.com
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\users\jessica\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\jessica\appdata\roaming\facebook\npfbplugin_1_0_4.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 17256]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 30112]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 236088]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-7-12 21504]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-7-24 16640]
    S4 Macro Expert;Macro Expert;c:\program files\grasssoft\mouse recorder\MacroService.exe [2010-8-30 351232]
    S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-11 1153368]

    =============== Created Last 30 ================

    2010-10-19 06:28:58 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a8dbc7e2-f28d-4638-9711-f1c5367493af}\mpengine.dll
    2010-10-17 06:41:50 -------- d-----w- c:\users\jessica\appdata\roaming\XnView
    2010-10-17 06:41:24 -------- d-----w- c:\program files\XnView
    2010-10-14 07:53:40 -------- d-----w- c:\program files\Charles
    2010-10-13 03:57:57 -------- d-----w- c:\progra~2\SonicStage
    2010-10-13 03:47:56 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
    2010-10-13 03:47:56 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
    2010-10-13 03:47:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
    2010-10-13 03:47:56 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
    2010-10-13 03:47:56 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
    2010-10-13 03:47:55 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
    2010-10-13 03:47:52 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
    2010-10-13 03:46:44 -------- d-----w- c:\windows\system32\Iosubsys
    2010-10-13 00:09:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-13 00:09:57 197632 ----a-w- c:\program files\internet explorer\IEShims.dll
    2010-10-13 00:09:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-10-13 00:09:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-13 00:09:29 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-12 23:46:21 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-12 23:46:14 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-12 23:46:14 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-12 23:44:55 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-12 23:44:54 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-12 23:44:50 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-12 23:44:19 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-12 23:44:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-12 23:41:46 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-12 23:41:40 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-12 23:41:39 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-12 23:41:34 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-12 23:41:26 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-12 23:38:33 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-12 23:38:28 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-12 23:30:27 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-12 07:00:24 -------- d-----w- c:\program files\iPod
    2010-09-29 12:00:56 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-29 12:00:39 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-26 08:43:45 -------- d-----w- c:\program files\Fiddler2
    2010-09-26 02:09:00 -------- d-----w- c:\program files\Nemex
    2010-09-26 02:06:37 -------- d-----w- c:\users\jessica\appdata\roaming\Grasssoft
    2010-09-26 02:05:00 -------- d-----w- c:\progra~2\Grasssoft
    2010-09-26 02:03:57 -------- d-----w- c:\program files\GrassSoft
    2010-09-25 00:41:04 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-09-25 00:41:04 1970176 ----a-w- c:\windows\system32\d3dx9.dll

    ==================== Find3M ====================

    2010-10-21 00:11:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-28 22:48:44 285480 ----a-w- c:\windows\system32\guard32.dll
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 22:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-07-27 22:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-23 01:55:18 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2010-07-23 01:55:17 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-07-23 01:45:21 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-07-23 00:47:32 319456 ----a-w- c:\windows\DIFxAPI.dll

    ============= FINISH: 20:47:12.23 ===============
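A quick triage pass over the "Pseudo HJT Report" section of the DDS log above, as an added example that is not part of the original thread and not DDS code. It parses a constructed sample made of a few lines from the log posted above plus one made-up autorun entry ([Updater]) so that the user-writable-path rule has something to fire on, and flags the settings a responder looks at first: a start page pointing at something other than a search engine, orphaned BHO/toolbar entries ("No File"), EnableLUA = 0 (UAC switched off), a non-empty AppInit_DLLs value, and autoruns launched from directories an ordinary user can write to. The search-host allowlist, the severity labels and the directory list are assumptions for the example; the script makes no claim about what guard32.dll or the Orbit Downloader components are, it only says what to check.

```python
"""Triage a DDS 'Pseudo HJT Report' section (added example, not DDS code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines taken from the DDS log in this thread plus one
# made-up autorun entry ([Updater]) so the user-writable-path rule fires.
SAMPLE_DDS = r"""uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Updater] c:\users\jessica\appdata\local\temp\upd.exe
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\windows\system32\guard32.dll
"""

# Assumed allowlist for the example; a real triage would use site policy.
KNOWN_SEARCH_HOSTS = ("google.com", "yahoo.com", "bing.com", "live.com", "msn.com")
URL_KEYS = ("Start Page", "SearchMigratedDefaultURL", "Default_Search_URL",
            "SearchAssistant", "SearchURL")
# Directories an ordinary user can write to; autoruns here deserve a second look.
SUSPECT_DIRS = re.compile(r"(?i)\\(?:temp|appdata|programdata|users\\public)\\")
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|com|bat|cmd|sys)')


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "review" | "info"
    reason: str
    line: str


def _host(value: str) -> str:
    # DDS defangs URLs as hxxp://; refang before parsing.
    return (urlsplit(value.strip().replace("hxxp", "http", 1)).hostname or "").lower()


def _known_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in KNOWN_SEARCH_HOSTS)


def triage_hjt(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(" = ")
        if sep and any(k in key for k in URL_KEYS):
            host = _host(value)
            sev = "info" if _known_host(host) else "review"
            findings.append(Finding(sev, f"browser start/search URL points at {host}", line))
        elif line.startswith(("BHO:", "TB:", "EB:")):
            if line.endswith("- No File"):
                findings.append(Finding("info", "orphaned browser extension entry (file missing)", line))
            else:
                m = PATH_RE.search(line)
                if m and SUSPECT_DIRS.search(m.group(0)):
                    findings.append(Finding("review", f"browser extension loaded from user-writable path: {m.group(0)}", line))
        elif line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(Finding("high", "UAC disabled (EnableLUA=0): processes in an admin session run fully elevated", line))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding("review", "AppInit_DLLs injects this DLL into every process that loads user32.dll; confirm its publisher", line))
        elif line.startswith(("mRun:", "uRun:")):
            m = PATH_RE.search(line)
            if m is None:
                findings.append(Finding("review", "autorun with no resolvable image path", line))
            elif SUSPECT_DIRS.search(m.group(0)):
                findings.append(Finding("review", f"autorun from user-writable path: {m.group(0)}", line))
            else:
                findings.append(Finding("info", f"autorun: {m.group(0)}", line))
    return findings


def summarize(text: str) -> dict[str, int]:
    counts = {"high": 0, "review": 0, "info": 0}
    for f in triage_hjt(text):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "review", "info")
    for f in sorted(triage_hjt(SAMPLE_DDS), key=lambda f: order.index(f.severity)):
        print(f"{f.severity:6} {f.reason}\n       {f.line}")
    print(summarize(SAMPLE_DDS))
```

Run it as a script to print the findings grouped by severity. A "review" finding is a prompt to check the file's publisher and hash, not a verdict: the DDS log records what is configured, not whether it is malicious, and on this machine the one "high" item is a policy setting rather than a file.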
     
  3. kel1987

    kel1987 TS Rookie Topic Starter Posts: 75

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/11/2010 8:20:20 AM
    System Uptime: 10/20/2010 8:44:11 PM (0 hours ago)

    Motherboard: Acer, Inc. | | Prespa1
    Processor: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz | U2E1 | 1600/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 69 GiB total, 40.939 GiB free.
    D: is FIXED (NTFS) - 35 GiB total, 25.558 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP219: 10/12/2010 11:44:12 PM - Installed Music Server Controller
    RP221: 10/12/2010 11:46:10 PM - Installed OpenMG Secure Module
    RP223: 10/12/2010 11:48:16 PM - Installed SonicStage
    RP225: 10/12/2010 11:50:49 PM - Installed SonicStage Add-on
    RP226: 10/16/2010 5:27:02 AM - Windows Update
    RP227: 10/17/2010 2:01:15 AM - Windows Update
    RP228: 10/19/2010 2:26:12 AM - Windows Update
    RP229: 10/20/2010 1:15:40 AM - Removed Google Talk Plugin
    RP230: 10/20/2010 8:09:46 PM - Installed Java(TM) 6 Update 22

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acer Arcade
    Acer Assist
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Acer Tour
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced Key and Mouse Recorder
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    CCleaner
    Cheat Engine 5.6.1
    COMODO Internet Security
    Content Transfer
    Coupon Printer for Windows
    D1600
    Device Doctor
    DeviceDiscovery
    DivX Setup
    DJ_SF_06_D1600_SW_Min
    Enhanced Multimedia Keyboard Solution
    Facebook Plug-In
    Fiddler2
    FileHippo.com Update Checker
    Foxit Reader
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 14.0
    HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Picasso Media Center Add-In
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Launch Manager
    LightScribe 1.4.136.1
    Logitech Webcam Software
    Malwarebytes' Anti-Malware
    ManyCam 2.5.74 (remove only)
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mouse Recorder Pro 2.0.5.0
    Mozilla Firefox (3.6.11)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Drivers
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Orbit Downloader
    Prism Video File Converter
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Shop for HP Supplies
    Smart Defrag
    SmartWebPrinting
    SolutionCenter
    SonicStage 4.3
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware
    Switch Sound File Converter
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    VideoPad Video Editor
    VLC media player 1.1.1
    WavePad Sound Editor
    WebReg
    WinRAR archiver
    XnView 1.97.8

    ==== Event Viewer Messages From Past Week ========

    10/20/2010 8:45:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard SASDIFSV SASKUTIL spldr Wanarpv6
    10/20/2010 8:45:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 8:45:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/20/2010 8:45:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/20/2010 8:45:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/20/2010 8:45:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/20/2010 7:40:22 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/20/2010 1:03:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    10/17/2010 12:36:11 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.91.1591.0 Loading engine version: 1.1.6201.0

    ==== End Of File ===========================
     
  4. kel1987

    kel1987 TS Rookie Topic Starter Posts: 75

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-20 21:29:17
    Windows 6.0.6002 Service Pack 2
    Running: 9hnv65zg.exe; Driver: C:\Users\Jessica\AppData\Local\Temp\axrdrfoc.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74017817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7406A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7401BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7400F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7400E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74048395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7401DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7400FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7400FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7409CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7403C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7400D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74006853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7400687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74012AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----
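The GMER output above lists every import-table entry it inspected and every filter driver attached to a device object. The check a responder wants on those lines is simple: does each IAT entry resolve into the module that exports the function (an unhooked import), and does each attached filter carry a recognisable publisher string. The script below is an added example, not part of the thread and not GMER code; it parses a constructed sample of two IAT lines and two AttachedDevice lines copied from the log above, plus one made-up IAT line (hook.dll under the user's Temp directory, with no publisher string) so the redirection rule has a positive case. The severity labels and the user-writable directory list are assumptions for the example; legitimate security products, API forwarders and compatibility shims also redirect imports, so a redirected entry with a publisher string is marked for review rather than condemned.

```python
"""Check GMER 'User IAT/EAT' and 'Devices' lines (added example, not GMER code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: two IAT lines and two AttachedDevice lines from the GMER
# log in this thread, plus one made-up IAT line (hook.dll) that points an
# import somewhere other than the module that exports it.
SAMPLE_GMER = r"""IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74017817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7406A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1616] @ C:\Windows\Explorer.EXE [kernel32.dll!CreateFileW] [00AB1234] C:\Users\Jessica\AppData\Local\Temp\hook.dll
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
"""

# IAT <process>[<pid>] @ <module> [<dll>!<func>] [<addr>] <target path> (<description>)
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<mod>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<target>.+?)(?: \((?P<desc>[^()]*)\))?$"
)
# AttachedDevice <driver object> <device object> <file> (<description>)
DEV_RE = re.compile(
    r"^AttachedDevice (?P<driver>\\\S+) (?P<device>\\\S+) (?P<file>\S+)"
    r"(?: \((?P<desc>[^()]*)\))?$"
)
# Assumed list of user-writable locations for the example.
SUSPECT_DIRS = re.compile(r"(?i)\\(?:temp|appdata|programdata|users\\public)\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "review" | "info"
    reason: str
    line: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def iat_is_self_resolved(dll: str, target: str) -> bool:
    """True when the import resolves into the module that exports it (unhooked)."""
    return _basename(target) == dll.lower()


def triage_gmer(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            dll, func, target, desc = m["dll"], m["func"], m["target"], m["desc"]
            if iat_is_self_resolved(dll, target):
                findings.append(Finding("info", f"{dll}!{func} resolves into {dll} itself", line))
            elif desc is None or SUSPECT_DIRS.search(target):
                # Redirected into an unidentified or user-writable module: classic inline/IAT hook shape.
                findings.append(Finding("high", f"{dll}!{func} redirected to {target} (no publisher string or user-writable path)", line))
            else:
                findings.append(Finding("review", f"{dll}!{func} redirected to {_basename(target)} ({desc})", line))
            continue
        m = DEV_RE.match(line)
        if m:
            sev = "info" if m["desc"] else "review"
            findings.append(Finding(sev, f"filter {m['file']} attached to {m['device']} ({m['desc'] or 'no publisher string'})", line))
    return findings


if __name__ == "__main__":
    for f in triage_gmer(SAMPLE_GMER):
        print(f"{f.severity:6} {f.reason}")
```

On the real log every listed gdiplus import resolves into gdiplus.dll, which is what an unhooked import table looks like, and the only network filters are cmdhlp.sys with a COMODO description string on \Device\Tcp, \Device\Udp and \Device\RawIp; the constructed hook.dll line is the shape that would warrant pulling the file and checking its signature and hash.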
     
  5. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Combofix, listed below can be run in Safe Mode, if needed.
    Try normal mode first.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. kel1987

    kel1987 TS Rookie Topic Starter Posts: 75

    Hi Broni nice to have you helping me again :)
    I was not able to run it in regular mode. It still said the same thing, so I did it in safe mode.



    ComboFix 10-10-20.01 - Jessica 10/20/2010 22:19:04.4.1 - x86 NETWORK
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.521 [GMT -4:00]
    Running from: c:\users\Jessica\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 02:25 . 2010-10-21 02:25 -------- d-----w- c:\users\Jessica\AppData\Local\temp
    2010-10-21 02:25 . 2010-10-21 02:25 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-10-21 02:25 . 2010-10-21 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-21 02:16 . 2010-10-21 02:17 -------- d-----w- C:\32788R22FWJFW
    2010-10-19 06:28 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8DBC7E2-F28D-4638-9711-F1C5367493AF}\mpengine.dll
    2010-10-17 16:11 . 2010-10-17 16:11 -------- d-----w- c:\users\Jessica\AppData\Roaming\HPAppData
    2010-10-17 06:41 . 2010-10-17 06:45 -------- d-----w- c:\users\Jessica\AppData\Roaming\XnView
    2010-10-17 06:41 . 2010-10-17 06:41 -------- d-----w- c:\program files\XnView
    2010-10-14 07:53 . 2010-10-14 07:53 -------- d-----w- c:\program files\Charles
    2010-10-13 03:57 . 2010-10-13 03:57 -------- d-----w- c:\programdata\SonicStage
    2010-10-13 03:47 . 2004-07-16 04:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
    2010-10-13 03:47 . 2004-07-16 04:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
    2010-10-13 03:47 . 2004-07-16 04:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
    2010-10-13 03:47 . 2004-07-16 04:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
    2010-10-13 03:47 . 2004-07-16 04:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
    2010-10-13 03:47 . 2010-10-13 03:47 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
    2010-10-13 03:47 . 2010-10-13 03:47 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
    2010-10-13 03:46 . 2010-10-13 03:46 -------- d-----w- c:\windows\system32\Iosubsys
    2010-10-13 00:09 . 2010-09-08 05:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-13 00:09 . 2010-09-08 05:56 197632 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2010-10-13 00:09 . 2010-09-08 05:56 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-10-13 00:09 . 2010-09-08 04:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-13 00:09 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-12 23:46 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-12 23:46 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-12 23:46 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-12 23:44 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-12 23:44 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-12 23:44 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-12 23:44 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-12 23:44 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-12 23:41 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-12 23:41 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-12 23:41 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-12 23:41 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-12 23:41 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-12 23:38 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-12 23:38 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-12 23:30 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-12 07:00 . 2010-10-12 07:00 -------- d-----w- c:\program files\iPod
    2010-09-29 12:00 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-29 12:00 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-26 08:43 . 2010-09-26 08:44 -------- d-----w- c:\program files\Fiddler2
    2010-09-26 02:09 . 2010-09-26 02:09 -------- d-----w- c:\program files\Nemex
    2010-09-26 02:06 . 2010-09-26 02:06 -------- d-----w- c:\users\Jessica\AppData\Roaming\Grasssoft
    2010-09-26 02:05 . 2010-09-26 02:05 -------- d-----w- c:\programdata\Grasssoft
    2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\program files\GrassSoft
    2010-09-25 00:41 . 2009-11-03 18:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-09-25 00:41 . 2009-11-03 18:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-28 2500552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk]
    path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acer Product Registration.lnk
    backup=c:\windows\pss\Acer Product Registration.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    2007-01-17 17:01 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2009-11-19 22:15 583016 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2007-02-07 08:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDSMSNfix]
    2007-02-08 17:40 13312 ----a-w- c:\acer\Empowering Technology\eDSMSNfix.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 00:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 00:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 19:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-08-11 19:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2006-12-08 19:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2007-01-11 07:47 483328 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Macro Manager]
    2010-09-03 14:09 2698752 ----a-w- c:\program files\GrassSoft\Mouse Recorder\MacroManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-01-09 08:55 151552 ----a-w- c:\program files\Acer\Acer Arcade\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2236743762-159487141-3334895427-1000]
    "EnableNotificationsRef"=dword:00000001

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-28 236088]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
    R4 Macro Expert;Macro Expert;c:\program files\grasssoft\mouse recorder\MacroService.exe [2010-08-31 351232]
    R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-09-28 17256]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-28 30112]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-11 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-07-12 22:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.orbitdownloader.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\tlvu53p1.Kellie\
    FF - prefs.js: browser.startup.homepage - facebook.com
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\users\Jessica\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\Jessica\AppData\Roaming\Facebook\npfbplugin_1_0_4.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-RunOnce-<NO NAME> - (no file)
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    MSConfigStartUp-Google Update - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2010-10-20 22:29:10
    ComboFix-quarantined-files.txt 2010-10-21 02:29

    Pre-Run: 43,930,193,920 bytes free
    Post-Run: 43,740,401,664 bytes free

    - - End Of File - - 37925707E771C874763252C87C0587B6
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

  8. kel1987

    kel1987 TS Rookie Topic Starter Posts: 75

    I am running Vista and have tried that, still the same thing :s

    All I know is it started when my brother downloaded that program. Do you have any other suggestions? I really do not want to have to reinstall Windows for the 3rd time in 6 months.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Did you try system restore to before 4 days ago?
     
  10. kel1987

    kel1987 TS Rookie Topic Starter Posts: 75

    It did a system restore a couple of days ago because Windows didn't want to start up, but I will give it a try again for a date further back :)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Use some restore point from before installing that program.
     
Topic Status:
Not open for further replies.
