WiredWX Hobby Weather Tools

Hard drive diagnostic problem - Page 2

Re: Hard drive diagnostic problem
ComboFix 10-12-09.04 - Owner 12/10/2010 13:26:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.807 [GMT -6]
Running from: f:\documents and settings\Owner\Desktop\commy.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
f:\documents and settings\Owner\My Documents\New Folder\Temporary Internet Files\mccA2.tmp
F:\setup.exe
f:\windows\Downloaded Program Files\DM.0
f:\windows\Downloaded Program Files\DM.0\DMService.exe
f:\windows\Downloaded Program Files\DM.0\WhlMgr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMService
-------\Legacy_DMService
-------\Service_DMService
-------\Service_DMService


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 18:50 . 2010-12-10 18:50 -------- d-----w- F:\_OTL
2010-12-10 18:31 . 2010-11-10 04:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202A54CB-7A6F-44DB-8751-4F9FBB456A31}\mpengine.dll
2010-12-09 18:37 . 2010-11-16 18:01 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE027AA8-F938-4295-9AF4-07E12A34BA97}\mpengine.dll
2010-12-09 05:30 . 2010-12-09 05:31 -------- d-----w- f:\documents and settings\Administrator
2010-12-06 04:05 . 2010-12-06 21:13 -------- d-----w- f:\program files\Common Files\PC Tools
2010-12-06 01:09 . 2010-12-06 01:09 -------- d-----w- f:\program files\STOPzilla!
2010-12-05 00:26 . 2010-12-05 00:26 -------- d-----w- F:\Cache
2010-12-04 23:40 . 2010-12-04 23:40 82944 ----a-w- f:\windows\system32\drivers\6973E8.tmp
2010-12-01 00:07 . 2010-12-01 00:07 -------- d-----w- f:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
2010-11-22 22:56 . 2010-11-22 22:56 546256 ----a-r- f:\windows\system32\SZComp5.dll
2010-11-22 22:56 . 2010-11-22 22:56 452048 ----a-r- f:\windows\system32\SZBase5.dll
2010-11-22 22:56 . 2010-11-22 22:56 398800 ----a-r- f:\windows\system32\IS3DBA5.dll
2010-11-22 22:56 . 2010-11-22 22:56 28624 ----a-r- f:\windows\system32\IS3XDat5.dll
2010-11-22 22:56 . 2010-11-22 22:56 22992 ----a-r- f:\windows\system32\SZIO5.dll
2010-11-22 22:56 . 2010-11-22 22:56 132560 ----a-r- f:\windows\system32\IS3HTUI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Svc5.dll
2010-11-22 22:56 . 2010-11-22 22:56 99792 ----a-r- f:\windows\system32\IS3Inet5.dll
2010-11-22 22:56 . 2010-11-22 22:56 738768 ----a-r- f:\windows\system32\IS3Base5.dll
2010-11-22 22:56 . 2010-11-22 22:56 67024 ----a-r- f:\windows\system32\IS3Hks5.dll
2010-11-22 22:56 . 2010-11-22 22:56 390608 ----a-r- f:\windows\system32\IS3UI5.dll
2010-11-22 22:56 . 2010-11-22 22:56 230864 ----a-r- f:\windows\system32\IS3Win325.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2010-02-27 16:00 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2010-02-27 16:00 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-16 18:01 . 2009-11-17 23:08 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-10 04:33 . 2010-02-28 08:19 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 16:41 . 2009-11-17 23:08 222080 ------w- f:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- f:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- f:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- f:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- f:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"Search Protection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Push Client"="f:\documents and settings\Owner\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-09-17 935240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="f:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"RoxWatchTray"="f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"MSSE"="f:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - f:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=

R0 szkg5;szkg5;f:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;f:\windows\system32\drivers\SZKGFS.sys [5/12/2010 5:01 PM 59280]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;f:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [5/31/2010 2:11 PM 149904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 7:07 PM 102448]
S0 is3srv;is3srv;f:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S2 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 cpuz134;cpuz134;\??\f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MotDev;Motorola Inc. USB Device;f:\windows\system32\drivers\motodrv.sys [4/20/2008 9:08 PM 42112]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 12:27 PM 169200]
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-10 f:\windows\Tasks\User_Feed_Synchronization-{F07C0FFD-E5E4-4D4E-B810-7CCC811B04B6}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - f:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send Image to Phone - http://www.freeringers.net/ezimage.php
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\program files\Malwarebytes' Anti-Malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 15:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm

- - - - - - - > 'explorer.exe'(904)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
f:\windows\IME\SPGRMR.DLL
f:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
f:\windows\system32\l3codeca.acm
f:\windows\system32\scg726.acm
f:\windows\system32\alf2cd.acm
f:\windows\system32\AC3ACM.acm
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
f:\program files\Microsoft Security Essentials\MsMpEng.exe
f:\program files\Common Files\Symantec Shared\ccSetMgr.exe
f:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Symantec AntiVirus\DefWatch.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Motive\McciCMService.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Symantec AntiVirus\Rtvscan.exe
f:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
f:\program files\Symantec AntiVirus\DoScan.exe
f:\program files\Microsoft ActiveSync\wcescomm.exe
f:\progra~1\MI3AA1~1\rapimgr.exe
f:\windows\system32\HPZipm12.exe
f:\program files\iPod\bin\iPodService.exe
f:\program files\HP\Digital Imaging\bin\hpqgalry.exe
f:\program files\Java\jre6\bin\jucheck.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
f:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-12-10 16:00:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-10 21:59

Pre-Run: 67,134,484,480 bytes free
Post-Run: 69,355,839,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - AFD411796D45DF92E3267F52B46D3B80
s the results, I want to thank you again for all your help.
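As an added example (not part of the user's post, and not ComboFix's own code), here is a small Python triage script for the two machine-readable parts of a ComboFix report like the one above: the dated file-creation lines and the R/S driver-and-service lines. It flags what a malware-removal helper scans for first: a non-.sys file dropped into system32\drivers (the 6973E8.tmp entry the next reply targets), hex-named .tmp files, and a driver or service whose image sits under a Temp directory or is no longer on disk (ComboFix's trailing "[?]", which I read as "file not found"). The sample lines are copied from the log above; the file-name patterns and the choice of what counts as suspicious are my own assumptions, not ComboFix's.

```python
import re

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.
2010-12-10 18:50 . 2010-12-10 18:50 -------- d-----w- F:\_OTL
2010-12-04 23:40 . 2010-12-04 23:40 82944 ----a-w- f:\windows\system32\drivers\6973E8.tmp
2010-11-22 22:56 . 2010-11-22 22:56 546256 ----a-r- f:\windows\system32\SZComp5.dll
2010-11-29 23:42 . 2010-02-27 16:00 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
.
R0 szkg5;szkg5;f:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
S3 cpuz134;cpuz134;\??\f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> f:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MotDev;Motorola Inc. USB Device;f:\windows\system32\drivers\motodrv.sys [4/20/2008 9:08 PM 42112]
"""

# "created . modified size attrs path" lines from the Files Created / Find3M sections.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "R0 name;display;path [date size]" driver/service lines (S = stopped, R = running).
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Assumed pattern for a randomly named temp file, e.g. 6973E8.tmp.
HEX_TMP = re.compile(r"^[0-9a-f]{4,}\.tmp$", re.I)


def parse_entries(log_text):
    """Yield (kind, path, missing, raw_line) for every file or service line."""
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            yield ("file", m["path"], False, line)
            continue
        m = SERVICE_LINE.match(line)
        if m:
            rest = m["rest"]
            missing = rest.endswith("[?]")          # assumed: ComboFix could not find the file
            path = rest.split(" [")[0]             # drop the "[date size]" / "[?]" suffix
            if " --> " in path:                    # "\??\x --> x" form: keep the resolved path
                path = path.split(" --> ")[-1]
            yield ("service", path, missing, line)


def suspicious_reasons(kind, path, missing):
    """Return the list of heuristic reasons an entry deserves a closer look."""
    reasons = []
    low = path.lower().replace("/", "\\")
    name = low.rsplit("\\", 1)[-1]
    if "\\system32\\drivers\\" in low and not name.endswith(".sys"):
        reasons.append("non-.sys file in the driver directory")
    if HEX_TMP.match(name):
        reasons.append("hex-named .tmp file")
    if kind == "service":
        if "\\temp\\" in low:
            reasons.append("driver/service image loads from a Temp directory")
        if missing:
            reasons.append("service entry points at a file that no longer exists ([?])")
    return reasons


def triage(log_text):
    """Return [(path, [reasons]), ...] in log order, one item per flagged entry."""
    hits = []
    for kind, path, missing, _line in parse_entries(log_text):
        reasons = suspicious_reasons(kind, path, missing)
        if reasons:
            hits.append((path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, it reports only the 6973E8.tmp driver-directory file and the cpuz134 service (image under Temp, file missing); the Malwarebytes, STOPzilla and Motorola entries pass. A hit is a prompt to look, not a verdict: a legitimate tool can leave a dangling service entry behind, as a hardware-monitoring utility's driver extracted to Temp would.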

Re: Hard drive diagnostic problem
Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    f:\windows\system32\drivers\6973E8.tmp


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=================

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Hard drive diagnostic problem
Hi again - Sorry I was having a brain freeze on what you were asking me to do, I pulled up the notepad but it was a different language so I let it sit for a few days to comprehend what you were telling me and now it has blacked out my screen. I have to keep turning my screen on and off for a split second look at it. Is my only option now rebooting and losing everything in there? And me like a dummy didn't back up on a scan disk. I'm very frustrated with this. Thank you again for all your help.

Re: Hard drive diagnostic problem
Hi,

So your notepad was in a different language and now it won't boot?
