Error 80246008. Windows not installing updates


waydown72

Thread Starter
Joined
Jan 16, 2011
Messages
62
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Basic , Service Pack 2, 32 bit
Processor: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 1
RAM: 501 Mb
Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 64 Mb
Hard Drives: C: Total - 32651 MB, Free - 5086 MB; F: Total - 238472 MB, Free - 160169 MB;
Motherboard: DIXONSXP, DIXONSXP, ,
Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled.

Recently noticed that since July 2010 my Windows Update has not been installing the required updates. It gives me an error code 80246008 after trying to install. I have gone to the Knowledge Base and tried to solve the problem but with no success. The BITS starts then stops almost straight away. Then it keeps giving me this message.
" The background intelligent transfer service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs. "

Can anyone help please.
Many thanks.
 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
Click Start > Programs > Accessories > right-click on Command Prompt, select "Run as Administrator" to open a command prompt.

In the Command Prompt, type in the bold text, one command after the other, pressing Enter between each of them:

Reset WINSOCK entries to installation defaults:
    netsh winsock reset catalog

Reset IPv4 TCP/IP stack to installation defaults:
    netsh int ipv4 reset reset.log

Reset IPv6 TCP/IP stack to installation defaults:
    netsh int ipv6 reset reset.log

Reboot the computer.

 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
Please click HERE to download and install HijackThis.

Run it and select Do a system scan and save a logfile from the Main Menu.

The log will be saved in Notepad. Copy and paste the log in your next post.

IMPORTANT: Do not fix anything
 

waydown72

Thread Starter
Joined
Jan 16, 2011
Messages
62
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:00:34, on 18/01/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ICON 225 USB Connect.lnk = C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - (no file)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 8507 bytes
 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
The BITS starts then stops almost straight away. Then keeps giving me this message.
" The background intelligent transfer service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs. "
Is the Startup Type for that service set to Automatic? In Windows XP, that service is set to Manual by default. However, in Vista, it's Automatic, and can be set to Automatic (Delayed Start). Then, Start the service.

Also make sure the Windows Event Log service is Started and Automatic.
 

waydown72

Thread Starter
Joined
Jan 16, 2011
Messages
62
The BITS is already set to automatic delayed.
The events log is on automatic and has started.
What do I do next?
 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
Probably not related but you should remove SearchSettings from your computer. It's up to no good. It's adware. Look for it in "Programs and Features" and uninstall it.

In case these don't get removed:

Run HijackThis again.

Select Do a system scan only.

Put a check mark on:

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)


Click Fix checked.


I'll further look into your Windows Update problem...
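
The check described in the post above, written out as an added example that is not part of the original thread: a small Python parser for HijackThis logs that flags entries whose target is reported as "(no file)" or "(file missing)" and entries that reference a given install directory. It goes slightly beyond the four lines picked out by hand by applying the same two tests to every section of the log. The sample text is a constructed excerpt made of lines copied from the log posted earlier; the names `parse_hijackthis`, `review` and `SAMPLE_LOG` are hypothetical.

```python
import re
from collections import namedtuple

# One parsed HijackThis entry: section code (R3, O2, ...), the text after it,
# the first CLSID found (or None) and whether the tool reported the file absent.
Entry = namedtuple("Entry", "section body clsid missing")

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Constructed excerpt: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - (no file)
"""


def parse_hijackthis(text):
    """Return an Entry for every 'Xn - ...' line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            missing=bool(MISSING_RE.search(body)),
        ))
    return entries


def review(text, suspect_dirs=()):
    """Return (entry, reasons) pairs for entries that deserve a second look.

    suspect_dirs is a list of directory or product names supplied by the
    analyst (for example a program that was just uninstalled); matching is a
    case-insensitive substring test against the whole entry.
    """
    findings = []
    for entry in parse_hijackthis(text):
        reasons = []
        if entry.missing:
            reasons.append("target file missing")
        lowered = entry.body.lower()
        for name in suspect_dirs:
            if name.lower() in lowered:
                reasons.append("references " + name)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in review(SAMPLE_LOG, ["Search Settings"]):
        print("%-3s %-40s %s" % (entry.section, entry.clsid or "-", "; ".join(reasons)))
```

The output is a list of candidates for manual review, not a removal list: a "(no file)" entry only shows that a registration outlived its file.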
 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
OK, just found evidence of a SmitFraud infection on your computer. (added to those traces of Trojan-Downloader.Zlob.Media-Codec).

File sharing (µTorrent) is a risky business. These nasties will often come from music downloaded from file sharing programs and from special codecs needed to view a "certain type" of videos...

Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
 

kevinf80

Malware Specialist
Joined
Mar 21, 2006
Messages
11,383
First Name
Kevin
Hiya waydown72

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.

Proceed as follows ;-

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Before saving Combofix to the Desktop rename to Gotcha.exe as below:



Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in your reply...

Kevin
 

waydown72

Thread Starter
Joined
Jan 16, 2011
Messages
62
ComboFix 11-01-18.04 - winnie 19/01/2011 12:51:26.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.501.79 [GMT 0:00]
Running from: c:\users\winnie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Fast Browser Search
c:\program files\Helper
c:\program files\Sotfone
c:\program files\Video Add-on
c:\program files\Video Add-on\ot.ico
c:\program files\Video Add-on\ts.ico
c:\programdata\vlc-0.9.9-win32.exe
c:\programdata\vlc-1.0.1-win32.exe
c:\users\winnie\AppData\Local\0535049569854.xxe
c:\users\winnie\AppData\Local\05352975110249.xxe
c:\users\winnie\FAVORI~1\Online Security Test.url
c:\users\winnie\Favorites\Online Security Test.url
.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.
2011-01-19 13:05 . 2011-01-19 13:08 -------- d-----w- c:\users\winnie\AppData\Local\temp
2011-01-19 13:05 . 2011-01-19 13:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-19 13:05 . 2011-01-19 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-18 03:59 . 2011-01-18 03:59 -------- d-----w- c:\program files\Trend Micro
2011-01-17 03:06 . 2011-01-17 03:06 -------- d-----w- c:\users\winnie\AppData\Roaming\AVG10
2011-01-17 03:02 . 2011-01-17 03:02 -------- d--h--w- c:\programdata\Common Files
2011-01-17 02:57 . 2011-01-19 12:14 -------- d-----w- c:\programdata\AVG10
2011-01-16 23:06 . 2011-01-16 23:06 -------- d-----w- c:\users\winnie\AppData\Roaming\ParetoLogic
2011-01-14 06:13 . 2011-01-14 06:13 -------- d-----w- c:\windows\en
2011-01-14 06:11 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-14 06:03 . 2011-01-14 06:03 -------- d-----w- c:\windows\PCHEALTH
2011-01-14 05:59 . 2011-01-14 05:59 -------- d-----w- c:\program files\MSN Toolbar
2011-01-14 05:56 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-01-14 05:56 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-01-14 05:56 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-14 05:51 . 2011-01-14 05:51 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb3f16f1cbb3af08\InstallManager_WLE_WLE.exe
2011-01-14 05:50 . 2011-01-14 05:50 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\46eeeef1cbb3af07\MeshBetaRemover.exe
2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DSETUP.dll
2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DXSETUP.exe
2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\dsetup32.dll
2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DXSETUP.exe
2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\dsetup32.dll
2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DSETUP.dll
2011-01-11 19:26 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-11 19:26 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-11 19:26 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-11 19:26 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-11 19:26 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-11 19:26 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-11 19:26 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-11 19:26 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-11 19:26 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-11 19:26 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-11 19:26 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2011-01-11 19:26 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2011-01-11 19:24 . 2011-01-11 19:24 -------- d-----w- c:\program files\Feedback Tool
2011-01-11 19:20 . 2011-01-11 19:20 2468664 ----a-w- c:\users\winnie\IE9-WindowsVista-x86-enu.exe
2011-01-04 22:29 . 2011-01-04 22:29 -------- d-----w- c:\program files\Bonjour
2010-12-29 15:39 . 2010-12-29 15:39 -------- d-----w- c:\programdata\FileCure
2010-12-21 00:34 . 2010-12-21 00:34 -------- d-----w- c:\program files\Common Files\Skype
2010-12-21 00:34 . 2011-01-02 22:58 -------- d-----r- c:\program files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 21:27 . 2010-12-13 21:27 13944160 ----a-w- c:\users\winnie\IE8-WindowsVista-x86-ENU.exe
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-10 02:54 . 2010-11-10 02:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 02:28 . 2010-11-10 02:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-06-29 12:00 . 2010-06-29 12:00 70646 ----a-w- c:\program files\Uninstall.exe
2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-5-28 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
AddRemove-deskPDF 2.5 Standard_is1 - e:\ten pdf reader\deskPDF\unins000.exe
AddRemove-Joboshare DVD Ripper Platinum - e:\dvd ripper platinum\Uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 13:08
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-19 13:15:59
ComboFix-quarantined-files.txt 2011-01-19 13:15
Pre-Run: 6,604,525,568 bytes free
Post-Run: 6,825,553,920 bytes free
- - End Of File - - FA9063D10F46B0A6C3DAED04E7005F25
 

kevinf80

Malware Specialist
Joined
Mar 21, 2006
Messages
11,383
First Name
Kevin
Hiya waydown72,

Proceed as follows please :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::

DirLook::
c:\windows\en
Folder::
c:\users\winnie\AppData\Roaming\ParetoLogic
c:\programdata\FileCure
File::
c:\program files\Uninstall.exe
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the
    button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on
    to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
  • Check
  • Click the
    button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the
    button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like in your reply :-

  • Log from Combofix
  • Log from ESET
  • Log from Security Checks
  • System review, improvements? remaining issues?

Kevin
 

waydown72

Thread Starter
Joined
Jan 16, 2011
Messages
62
ComboFix 11-01-18.04 - winnie 20/01/2011 22:45:54.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.501.153 [GMT 0:00]
Running from: c:\users\winnie\Desktop\Gotcha.exe
Command switches used :: c:\users\winnie\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\program files\Uninstall.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Uninstall.exe
c:\programdata\FileCure
c:\programdata\FileCure\fc_db.db
c:\programdata\FileCure\fc_history.db
c:\programdata\FileCure\fc_ignore.db
c:\users\winnie\AppData\Roaming\ParetoLogic
.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.
2011-01-20 23:00 . 2011-01-20 23:03 -------- d-----w- c:\users\winnie\AppData\Local\temp
2011-01-20 23:00 . 2011-01-20 23:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-20 23:00 . 2011-01-20 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-18 03:59 . 2011-01-18 03:59 -------- d-----w- c:\program files\Trend Micro
2011-01-17 03:06 . 2011-01-17 03:06 -------- d-----w- c:\users\winnie\AppData\Roaming\AVG10
2011-01-17 03:02 . 2011-01-17 03:02 -------- d--h--w- c:\programdata\Common Files
2011-01-17 02:57 . 2011-01-19 12:14 -------- d-----w- c:\programdata\AVG10
2011-01-14 06:13 . 2011-01-14 06:13 -------- d-----w- c:\windows\en
2011-01-14 06:11 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-14 06:03 . 2011-01-14 06:03 -------- d-----w- c:\windows\PCHEALTH
2011-01-14 05:59 . 2011-01-14 05:59 -------- d-----w- c:\program files\MSN Toolbar
2011-01-14 05:56 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-01-14 05:56 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-01-14 05:56 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-14 05:51 . 2011-01-14 05:51 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb3f16f1cbb3af08\InstallManager_WLE_WLE.exe
2011-01-14 05:50 . 2011-01-14 05:50 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\46eeeef1cbb3af07\MeshBetaRemover.exe
2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DSETUP.dll
2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\DXSETUP.exe
2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ffb0f1af1cbb3ae06\dsetup32.dll
2011-01-14 05:50 . 2011-01-14 05:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DXSETUP.exe
2011-01-14 05:50 . 2011-01-14 05:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\dsetup32.dll
2011-01-14 05:50 . 2011-01-14 05:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa09adaf1cbb3ae05\DSETUP.dll
2011-01-11 19:26 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-11 19:26 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-11 19:26 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-11 19:26 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-11 19:26 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-11 19:26 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-11 19:26 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-11 19:26 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-11 19:26 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-11 19:26 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-11 19:26 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2011-01-11 19:26 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2011-01-11 19:24 . 2011-01-11 19:24 -------- d-----w- c:\program files\Feedback Tool
2011-01-11 19:20 . 2011-01-11 19:20 2468664 ----a-w- c:\users\winnie\IE9-WindowsVista-x86-enu.exe
2011-01-04 22:29 . 2011-01-04 22:29 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 21:27 . 2010-12-13 21:27 13944160 ----a-w- c:\users\winnie\IE8-WindowsVista-x86-ENU.exe
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-10 02:54 . 2010-11-10 02:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 02:28 . 2010-11-10 02:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-01-27 01:47 . 2010-01-27 01:47 2495080 ----a-w- c:\program files\AmazonMP3Downloader.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\en ----
2010-11-10 02:37 . 2010-11-10 02:37 106864 ----a-w- c:\windows\en\WLXPGSS.SCR.mui

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-5-28 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Amazon MP3 Downloader - c:\program files\Uninstall.exe

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-01-20 23:11:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-20 23:11
ComboFix2.txt 2011-01-19 16:36
ComboFix3.txt 2011-01-19 15:42
ComboFix4.txt 2011-01-19 13:16
Pre-Run: 5,795,975,168 bytes free
Post-Run: 5,807,783,936 bytes free
- - End Of File - - 2161CAA3E484E8D57B0CFE6A76D82C93
 

kevinf80

Malware Specialist
Joined
Mar 21, 2006
Messages
11,383
First Name
Kevin
Hello waydown72,

What happened with Combofix? In post 11 I asked you to d/l Combofix, rename to Gotcha.exe and run it and post the log.

In post 12 the log shows that Combofix was not actually re-named, but ran as Combofix. That is no big deal as it ran OK. That is run No.1

In post 13 I give you a Script fix to run by dragging the fix text into Combofix. The resultant log should show run No.2

In post 14 I actually get a log from the 4th run of Combofix, and guess what; it has now been re-named to Gotcha.exe. What is going on? I had also asked you to run a scan with ESET and Security Checks and post those logs.

It is pointless for me to try to help you if you will not follow my instructions and just do as you please....

Kevin
 