You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Inactive Please help me to finish clean-up from Microsoft Security Suite malware invasion
- Thread starter jbmorgan
- Start date
- Status
- Not open for further replies.
Current status
It seems to be OK. Occasionally Google (occasionally sending me to advertising sites instead of ones requested) or Outlook (90% of my messages suddenly disappear, then come back) do weird things, but I'm not sure if it's related to malware. What do you think?
It seems to be OK. Occasionally Google (occasionally sending me to advertising sites instead of ones requested) or Outlook (90% of my messages suddenly disappear, then come back) do weird things, but I'm not sure if it's related to malware. What do you think?
Very strange.
Please delete the version of combofix that you have on the PC now and download and run the latest version.
Please download ComboFix by sUBs from HERE or HERE
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
Please delete the version of combofix that you have on the PC now and download and run the latest version.
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply.
- Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
New, severe problems...
Dear Crunchie,
I've been travelling a lot over the past week which is why I've been out of touch. As I said, since my last attempt at a clean-up I've had some problems, although they were minor until today. I switched on my laptop today and now there's a whole host of new problems. There's definitely some sort of malware on my system currently. Earlier I was getting an error message from "eee PC Tray" (that's the type of laptop I have) every minute or so popping up on my screen, telling me it needed to shut down, and an icon which claimed it was the Tray started replacing all of the other icons in my menu bar, as has happened before with malware. It was not quite as severe in that I could still use the Internet and such. I went into Safe Mode and ran TFC, Microsoft Security Essentials (which found and removed a worm) and Malwarebytes. Malwarebytes keeps finding three items on my computer but when I try to have MB remove them, the program freezes, even in safe mode. Also, I can't seem to use WiFi right now, only LAN, which seems to be the result of the virus. The Tray error messages have stopped coming but I'm sure there must still be an infection(s). Any suggestions for this latest round?
Dear Crunchie,
I've been travelling a lot over the past week which is why I've been out of touch. As I said, since my last attempt at a clean-up I've had some problems, although they were minor until today. I switched on my laptop today and now there's a whole host of new problems. There's definitely some sort of malware on my system currently. Earlier I was getting an error message from "eee PC Tray" (that's the type of laptop I have) every minute or so popping up on my screen, telling me it needed to shut down, and an icon which claimed it was the Tray started replacing all of the other icons in my menu bar, as has happened before with malware. It was not quite as severe in that I could still use the Internet and such. I went into Safe Mode and ran TFC, Microsoft Security Essentials (which found and removed a worm) and Malwarebytes. Malwarebytes keeps finding three items on my computer but when I try to have MB remove them, the program freezes, even in safe mode. Also, I can't seem to use WiFi right now, only LAN, which seems to be the result of the virus. The Tray error messages have stopped coming but I'm sure there must still be an infection(s). Any suggestions for this latest round?
Further update
Well, since I last posted, I tried running MB in Safe Mode again - twice - and it didn't find anything! Which is strange since, as far as I know, it didn't successfully delete the things it found the previous time. I'm not sure that actually fixed the problem, either, since my WiFi is still not working, although that may be an unrelated problem. Anyway, just wanted to keep you up-to-date.
Well, since I last posted, I tried running MB in Safe Mode again - twice - and it didn't find anything! Which is strange since, as far as I know, it didn't successfully delete the things it found the previous time. I'm not sure that actually fixed the problem, either, since my WiFi is still not working, although that may be an unrelated problem. Anyway, just wanted to keep you up-to-date.
Dear Crunchie,Any suggestions for this latest round?
My suggestion has already been posted above.
Didn't work...
Dear Crunchie,
I just tried running Combofix but I got the blue screen of death and my system crashed while I was running it. I'm not sure if that was the result of me touching the mouse a moment before the crash but it didn't say anything about not touching the keys/mouse. I'd run it again but the instructions specifically say to only run it once. Where should I go from here?
Dear Crunchie,
I just tried running Combofix but I got the blue screen of death and my system crashed while I was running it. I'm not sure if that was the result of me touching the mouse a moment before the crash but it didn't say anything about not touching the keys/mouse. I'd run it again but the instructions specifically say to only run it once. Where should I go from here?
Combofix log
Dear Crunchie, it worked in safe mode. However, I neglected to disconnect from the Internet before I ran the program...hope that's not a problem. Log below.
ComboFix 10-12-09.08 - John B. Morgan IV 12/11/2010 17:24:43.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1703 [GMT 5.5:30]
Running from: c:\documents and settings\John B. Morgan IV\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\winlogon.exe
c:\program files\winlogon.exe\changes.rtf
c:\program files\winlogon.exe\Languages\arabic.lng
c:\program files\winlogon.exe\Languages\belarusian.lng
c:\program files\winlogon.exe\Languages\bosnian.lng
c:\program files\winlogon.exe\Languages\bulgarian.lng
c:\program files\winlogon.exe\Languages\catalan.lng
c:\program files\winlogon.exe\Languages\chineseSI.lng
c:\program files\winlogon.exe\Languages\chineseTR.lng
c:\program files\winlogon.exe\Languages\croatian.lng
c:\program files\winlogon.exe\Languages\czech.lng
c:\program files\winlogon.exe\Languages\danish.lng
c:\program files\winlogon.exe\Languages\dutch.lng
c:\program files\winlogon.exe\Languages\english.lng
c:\program files\winlogon.exe\Languages\estonian.lng
c:\program files\winlogon.exe\Languages\finnish.lng
c:\program files\winlogon.exe\Languages\french.lng
c:\program files\winlogon.exe\Languages\german.lng
c:\program files\winlogon.exe\Languages\greek.lng
c:\program files\winlogon.exe\Languages\hebrew.lng
c:\program files\winlogon.exe\Languages\hungarian.lng
c:\program files\winlogon.exe\Languages\italian.lng
c:\program files\winlogon.exe\Languages\korean.lng
c:\program files\winlogon.exe\Languages\latvian.lng
c:\program files\winlogon.exe\Languages\lithuanian.lng
c:\program files\winlogon.exe\Languages\macedonian.lng
c:\program files\winlogon.exe\Languages\norwegian.lng
c:\program files\winlogon.exe\Languages\polish.lng
c:\program files\winlogon.exe\Languages\portugueseBR.lng
c:\program files\winlogon.exe\Languages\portuguesePT.lng
c:\program files\winlogon.exe\Languages\romanian.lng
c:\program files\winlogon.exe\Languages\russian.lng
c:\program files\winlogon.exe\Languages\serbian.lng
c:\program files\winlogon.exe\Languages\slovak.lng
c:\program files\winlogon.exe\Languages\slovenian.lng
c:\program files\winlogon.exe\Languages\spanish.lng
c:\program files\winlogon.exe\Languages\swedish.lng
c:\program files\winlogon.exe\Languages\turkish.lng
c:\program files\winlogon.exe\license.txt
c:\program files\winlogon.exe\mbam.chm
c:\program files\winlogon.exe\mbam.dll
c:\program files\winlogon.exe\mbam.exe
c:\program files\winlogon.exe\mbamcore.dll
c:\program files\winlogon.exe\mbamext.dll
c:\program files\winlogon.exe\mbamgui.exe
c:\program files\winlogon.exe\mbamnet.dll
c:\program files\winlogon.exe\mbamservice.exe
c:\program files\winlogon.exe\ssubtmr6.dll
c:\program files\winlogon.exe\unins000.dat
c:\program files\winlogon.exe\unins000.exe
c:\program files\winlogon.exe\unins000.msg
c:\program files\winlogon.exe\vbalsgrid6.ocx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.
2010-12-10 16:22 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33826E67-075B-4FF1-BB76-36B189FE3FE8}\mpengine.dll
2010-11-11 19:04 . 2010-11-11 19:04 -------- d-----w- c:\documents and settings\John B. Morgan IV\Application Data\com.adobe.ExMan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 12:12 . 2010-08-14 03:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 12:12 . 2010-08-14 03:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 20:51 . 2010-08-04 21:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-08-04 21:49 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-05-23 14:37 . 2010-04-09 08:51 52355 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2010-04-23 15:27 . 2010-04-09 08:51 190464 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll.old
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-10-19 13:29 . 2010-07-09 06:42 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-05-23 14:37 52355 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"MobiLink3"="c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-26 902144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\John B. Morgan IV\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-29 113664]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\John B. Morgan IV\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [8/25/2009 4:22 AM 82432]
S2 LanmanSrv;Trusted Center;c:\windows\system32\svchost.exe -k netsvcs [11/25/2009 2:15 AM 14336]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/16/2009 12:04 AM 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/16/2009 12:04 AM 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/16/2009 12:04 AM 174720]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\rkpavproc1.sys [4/24/2009 5:23 PM 16952]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
.
Contents of the 'Scheduled Tasks' folder
2010-12-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.arktos.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: bobibanking.com\www
TCP: {2268D7D2-E6CB-40AB-AFFF-3898388F4A02} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.arktos.com/
FF - prefs.js: keyword.URL - hxxp://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\winlogon.exe\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 17:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-835585458-1146130675-857608242-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5DE01600-F5B7-C8B1-7CD2-7297AF3CA1DA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaaoilmkjcecdghoci"=hex:6a,61,65,62,6d,67,70,65,62,69,6c,66,66,6c,70,6c,61,63,
64,6d,00,00
"haglooakcohnhhmp"=hex:6a,61,64,62,6f,67,68,6b,6f,6e,66,70,6e,6b,63,70,6f,6f,
63,6e,00,6e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2772)
c:\windows\system32\WININET.dll
c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-12-11 17:42:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 12:12
ComboFix2.txt 2010-08-18 16:45
ComboFix3.txt 2010-08-04 15:08
ComboFix4.txt 2010-08-03 16:07
Pre-Run: 2,479,628,288 bytes free
Post-Run: 2,465,161,216 bytes free
Current=6 Default=6 Failed=4 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - AC0BE219B2FC36542225ED3B00E76170
Dear Crunchie, it worked in safe mode. However, I neglected to disconnect from the Internet before I ran the program...hope that's not a problem. Log below.
ComboFix 10-12-09.08 - John B. Morgan IV 12/11/2010 17:24:43.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1703 [GMT 5.5:30]
Running from: c:\documents and settings\John B. Morgan IV\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\winlogon.exe
c:\program files\winlogon.exe\changes.rtf
c:\program files\winlogon.exe\Languages\arabic.lng
c:\program files\winlogon.exe\Languages\belarusian.lng
c:\program files\winlogon.exe\Languages\bosnian.lng
c:\program files\winlogon.exe\Languages\bulgarian.lng
c:\program files\winlogon.exe\Languages\catalan.lng
c:\program files\winlogon.exe\Languages\chineseSI.lng
c:\program files\winlogon.exe\Languages\chineseTR.lng
c:\program files\winlogon.exe\Languages\croatian.lng
c:\program files\winlogon.exe\Languages\czech.lng
c:\program files\winlogon.exe\Languages\danish.lng
c:\program files\winlogon.exe\Languages\dutch.lng
c:\program files\winlogon.exe\Languages\english.lng
c:\program files\winlogon.exe\Languages\estonian.lng
c:\program files\winlogon.exe\Languages\finnish.lng
c:\program files\winlogon.exe\Languages\french.lng
c:\program files\winlogon.exe\Languages\german.lng
c:\program files\winlogon.exe\Languages\greek.lng
c:\program files\winlogon.exe\Languages\hebrew.lng
c:\program files\winlogon.exe\Languages\hungarian.lng
c:\program files\winlogon.exe\Languages\italian.lng
c:\program files\winlogon.exe\Languages\korean.lng
c:\program files\winlogon.exe\Languages\latvian.lng
c:\program files\winlogon.exe\Languages\lithuanian.lng
c:\program files\winlogon.exe\Languages\macedonian.lng
c:\program files\winlogon.exe\Languages\norwegian.lng
c:\program files\winlogon.exe\Languages\polish.lng
c:\program files\winlogon.exe\Languages\portugueseBR.lng
c:\program files\winlogon.exe\Languages\portuguesePT.lng
c:\program files\winlogon.exe\Languages\romanian.lng
c:\program files\winlogon.exe\Languages\russian.lng
c:\program files\winlogon.exe\Languages\serbian.lng
c:\program files\winlogon.exe\Languages\slovak.lng
c:\program files\winlogon.exe\Languages\slovenian.lng
c:\program files\winlogon.exe\Languages\spanish.lng
c:\program files\winlogon.exe\Languages\swedish.lng
c:\program files\winlogon.exe\Languages\turkish.lng
c:\program files\winlogon.exe\license.txt
c:\program files\winlogon.exe\mbam.chm
c:\program files\winlogon.exe\mbam.dll
c:\program files\winlogon.exe\mbam.exe
c:\program files\winlogon.exe\mbamcore.dll
c:\program files\winlogon.exe\mbamext.dll
c:\program files\winlogon.exe\mbamgui.exe
c:\program files\winlogon.exe\mbamnet.dll
c:\program files\winlogon.exe\mbamservice.exe
c:\program files\winlogon.exe\ssubtmr6.dll
c:\program files\winlogon.exe\unins000.dat
c:\program files\winlogon.exe\unins000.exe
c:\program files\winlogon.exe\unins000.msg
c:\program files\winlogon.exe\vbalsgrid6.ocx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.
2010-12-10 16:22 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33826E67-075B-4FF1-BB76-36B189FE3FE8}\mpengine.dll
2010-11-11 19:04 . 2010-11-11 19:04 -------- d-----w- c:\documents and settings\John B. Morgan IV\Application Data\com.adobe.ExMan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 12:12 . 2010-08-14 03:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 12:12 . 2010-08-14 03:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 20:51 . 2010-08-04 21:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-08-04 21:49 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-05-23 14:37 . 2010-04-09 08:51 52355 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2010-04-23 15:27 . 2010-04-09 08:51 190464 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll.old
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-10-19 13:29 . 2010-07-09 06:42 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-05-23 14:37 52355 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"MobiLink3"="c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-26 902144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\John B. Morgan IV\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-29 113664]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\John B. Morgan IV\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [8/25/2009 4:22 AM 82432]
S2 LanmanSrv;Trusted Center;c:\windows\system32\svchost.exe -k netsvcs [11/25/2009 2:15 AM 14336]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/16/2009 12:04 AM 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/16/2009 12:04 AM 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/16/2009 12:04 AM 174720]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\rkpavproc1.sys [4/24/2009 5:23 PM 16952]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
.
Contents of the 'Scheduled Tasks' folder
2010-12-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.arktos.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: bobibanking.com\www
TCP: {2268D7D2-E6CB-40AB-AFFF-3898388F4A02} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.arktos.com/
FF - prefs.js: keyword.URL - hxxp://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\winlogon.exe\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 17:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-835585458-1146130675-857608242-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5DE01600-F5B7-C8B1-7CD2-7297AF3CA1DA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaaoilmkjcecdghoci"=hex:6a,61,65,62,6d,67,70,65,62,69,6c,66,66,6c,70,6c,61,63,
64,6d,00,00
"haglooakcohnhhmp"=hex:6a,61,64,62,6f,67,68,6b,6f,6e,66,70,6e,6b,63,70,6f,6f,
63,6e,00,6e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2772)
c:\windows\system32\WININET.dll
c:\documents and settings\John B. Morgan IV\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-12-11 17:42:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 12:12
ComboFix2.txt 2010-08-18 16:45
ComboFix3.txt 2010-08-04 15:08
ComboFix4.txt 2010-08-03 16:07
Pre-Run: 2,479,628,288 bytes free
Post-Run: 2,465,161,216 bytes free
Current=6 Default=6 Failed=4 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - AC0BE219B2FC36542225ED3B00E76170
Dear Crunchie,
There haven't been any more problems since the last time I wrote to you, fortunately. I still occasionally get that strange device error, but there are no exclamation points in Device Manager. The error I get is for AYHYYYUJ IDE Controller. It only happens sometimes, not every time I boot up. It's not a major problem but I'm not sure if it's a symptom of something that's still lingering.
--John
There haven't been any more problems since the last time I wrote to you, fortunately. I still occasionally get that strange device error, but there are no exclamation points in Device Manager. The error I get is for AYHYYYUJ IDE Controller. It only happens sometimes, not every time I boot up. It's not a major problem but I'm not sure if it's a symptom of something that's still lingering.
--John
- Status
- Not open for further replies.
Similar threads
- Replies
- 1
- Views
- 802
- Replies
- 1
- Views
- 425
Latest posts
-
Samsung introduces the fastest LPDDR5X DRAM in the industry, up to 10.7Gbps
- ScottSoapbox replied
-
How to play PS1 Doom on PC (and why you might want to)- amghwk replied
-
Modder builds a Nintendo Wii the size of a deck of cards- WhiteLeaff replied
-
PlayStation 5 Pro will be bigger, faster, and better using the same CPU- Squid Surprise replied
-
Apple is rolling out AirPlay support for TVs in hotel rooms- RudyBob replied
-
TechSpot is dedicated to computer enthusiasts and power users.
Ask a question and give support.
Join the community here, it only takes a minute.