Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I was cut off for no reply but I was ill How can I get back

Post by iduhpres » December 25th, 2008, 9:16 pm

I was cut off in my getting help because I did not reply but I couldn't. I was ill and away from the computer. Here is the last link (http://malwareremoval.com/forum/viewtop ... 23#p385623) The computer is not fixed. It does seem that when I run Utorrent, it all slows down badly to naught though I have a fast speed upload line. How do I get going again? I did the combo fix and here is the latest log. Thanks.

ComboFix 08-12-24.01 - Administrator 2008-12-25 18:23:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1124 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-24 21:05 . 2008-12-24 21:05 <DIR> d-------- c:\program files\GPL MPEG Decoder
2008-12-24 21:00 . 2007-04-22 22:11 1,216,512 --a------ c:\windows\system32\xvidcore.dll
2008-12-24 21:00 . 2007-04-22 22:09 921,600 --a------ c:\windows\system32\vorbisenc.dll
2008-12-24 21:00 . 2006-10-28 11:11 516,096 --a------ c:\windows\system32\ac3filter.ax
2008-12-24 21:00 . 2004-09-23 19:20 290,304 --a------ c:\windows\system32\divxdec.ax
2008-12-24 21:00 . 2004-01-10 18:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax
2008-12-24 21:00 . 2007-04-22 22:11 237,568 --a------ c:\windows\system32\xvidvfw.dll
2008-12-24 21:00 . 2007-04-22 22:10 237,568 --a------ c:\windows\system32\OggDS.dll
2008-12-24 21:00 . 2007-04-22 22:09 188,416 --a------ c:\windows\system32\vorbis.dll
2008-12-24 21:00 . 2004-03-26 16:32 116,224 --a------ c:\windows\system32\rmalt.ax
2008-12-24 21:00 . 2007-04-22 22:11 61,440 --a------ c:\windows\system32\xvid.ax
2008-12-24 21:00 . 2007-04-22 22:09 45,056 --a------ c:\windows\system32\ogg.dll
2008-12-24 21:00 . 2004-04-30 21:46 28,672 --a------ c:\windows\system32\qtalt.ax
2008-12-20 12:26 . 2008-12-20 12:26 <DIR> d-------- c:\program files\uTorrent
2008-12-17 21:36 . 2008-12-17 21:36 <DIR> d-------- c:\program files\AskBarDis
2008-12-17 21:36 . 2008-12-17 21:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2008-12-17 19:12 . 2008-12-17 19:11 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-17 18:15 . 2008-12-17 18:15 <DIR> d-------- C:\New Folder
2008-12-17 17:31 . 2008-12-25 17:53 69 --a------ c:\windows\NeroDigital.ini
2008-12-17 15:40 . 2008-12-19 18:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ahead
2008-12-17 15:37 . 2008-12-17 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-16 19:32 . 2008-12-16 19:32 <DIR> d-------- C:\rsit
2008-12-09 19:09 . 2008-12-09 19:09 6,144 --ahs---- c:\windows\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-25 02:31 --------- d-----w c:\program files\dvdSanta
2008-12-24 21:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-18 00:11 --------- d-----w c:\program files\Java
2008-12-17 22:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-17 20:39 --------- d-----w c:\program files\Common Files\Ahead
2008-12-17 00:32 --------- d-----w c:\program files\Trend Micro
2008-12-09 06:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 06:14 --------- d-----w c:\program files\Google
2008-12-09 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 00:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 22:16 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-12-01 21:59 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-11-30 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-27 15:54 --------- d-----w c:\program files\WinISO
2008-11-27 15:54 --------- d-----w c:\program files\SMARTSOUND_10
2008-11-27 15:54 --------- d-----w c:\program files\Quicken
2008-11-27 15:54 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-27 15:54 --------- d-----w c:\program files\bin
2008-11-27 15:54 --------- d-----w c:\program files\Barcode Maker 5
2008-11-27 15:54 --------- d-----w c:\documents and settings\Administrator\Application Data\YouSendIt
2008-11-27 15:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso
2008-11-27 15:54 --------- d-----w c:\documents and settings\Administrator\Application Data\iolo
2008-11-25 06:25 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2008-11-25 01:21 --------- d-----w c:\program files\IObit
2008-11-24 15:33 --------- d-----w c:\documents and settings\Administrator\Application Data\MSNInstaller
2008-11-24 15:32 --------- d-----w c:\program files\Citrix
2008-11-22 23:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 18:23 --------- d-----w c:\program files\RogueRemover FREE
2008-11-21 21:13 --------- d-----w c:\program files\Picasa2
2008-11-20 02:21 --------- d-----w c:\documents and settings\Administrator\Application Data\ArcSoft
2008-11-13 00:08 --------- d-----w c:\program files\CCleaner
2008-11-07 14:11 --------- d-----w c:\program files\AT&W Technologies
2008-11-03 17:08 --------- d-----w c:\program files\Trojan Remover
2008-11-03 01:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-02 18:13 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-03-23 15:33 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2008-02-05 08:03 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2003-10-06 22:03 44,544 ----a-w c:\windows\inf\i386\CR100\CR100WIA.dll
2003-10-06 22:03 139,264 ----a-w c:\windows\inf\i386\CR100\A8_cr100.dll
2001-08-03 22:29 13,824 ----a-w c:\windows\inf\i386\CR100\Usbscan.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-17_17.59.44.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-25 03:30:28 135,168 ------w c:\windows\system32\java.exe
+ 2008-12-18 00:11:48 144,792 ----a-w c:\windows\system32\java.exe
- 2007-09-25 03:30:30 135,168 ------w c:\windows\system32\javaw.exe
+ 2008-12-18 00:11:48 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ------w c:\windows\system32\javaws.exe
+ 2008-12-18 00:11:48 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-25 23:06:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_684.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-30 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-26 2235920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-02-20 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 05:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-30 11:06 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 15:15 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2006-10-31 01:35 7634944 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2006-10-31 01:35 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
--a------ 2006-08-22 18:09 40960 c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 03:08 16380416 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-01-17 18:10 21686568 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
--a------ 2008-05-06 15:36 764776 c:\program files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-29 23:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-07 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-07 566120]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe []
S2 SessionLauncher;SessionLauncher; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0519fa17-d50a-11dc-bbcb-001d7d2a7b89}]
\Shell\AutoRun\command - setuppro.EXE /AUTORUN
\Shell\configure\command - setuppro.EXE
\Shell\install\command - setuppro.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dda5d8-0c0a-11dd-bc07-001d7d2a7b89}]
\Shell\AutoRun\command - H:\setuppro.EXE /AUTORUN
\Shell\configure\command - H:\setuppro.EXE
\Shell\install\command - H:\setuppro.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-30 11:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: Advanced Email Extractor - c:\program%20files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Scan link with AEE - c:\program%20files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\su2zsw8w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
pref(dom.disable_open_during_load, true);.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 18:24:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-25 18:25:34
ComboFix-quarantined-files.txt 2008-12-25 23:25:00
ComboFix2.txt 2008-12-17 23:00:17

Pre-Run: 9,839,325,184 bytes free
Post-Run: 9,823,715,328 bytes free

Re: I was cut off for no reply but I was ill How can I get back

Post by Shaba » December 29th, 2008, 5:36 am

Hi iduhpres

As said in forum rules:

"NOTE: Topics which have not received a response from the original poster for a period of five days will be closed and archived. Those topics will not be reopened. If you know that for some reason you will be unable to respond to your topic for several days, you must notify your helper or you may return to find your topic has been closed and that you will need to start over with a new topic and a new helper."

So as it has been more than 5 days since your last reply, topic will not be reopened.

If you still need help, please start a new thread in Malware Removal section.

As for utorrent, please see here

You are required to uninstall it before cleaning as it violates forum policy.

Best regards.