Printer NOT working ~Please help regarding printer spooler service!

Continue on to the rest of the procedure and we will work on removing those programs later.
 
Post that log (Combofix.txt) in your next reply.

ComboFix 10-12-23.01 - Lubnah 24/12/2010 5:53.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.217 [GMT 11:00]
Running from: c:\documents and settings\Lubnah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lubnah\Desktop\CFScript.txt
AV: BP Security Anti-Virus *Disabled/Outdated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: BP Security Firewall *Disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lubnah\Application Data\PriceGong
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lubnah\Application Data\PriceGong\Data\z.xml
c:\windows\LMI3F.tmp
c:\windows\LMI43.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DFBCFDBA


((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-22 04:15 . 2010-12-22 04:15 -------- d-----w- C:\spoolerlogs
2010-12-16 19:00 . 2010-12-16 19:01 -------- d-----w- C:\680c114bc681db10c7
2010-12-16 04:27 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 04:27 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-11 15:40 . 2010-12-11 15:40 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-12-11 15:34 . 2010-12-11 15:34 -------- d-----w- c:\program files\VideoLAN
2010-12-11 15:34 . 2010-12-11 15:40 -------- d-----w- c:\program files\Graboid
2010-12-06 00:29 . 2010-11-29 06:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 00:29 . 2010-11-29 06:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 23:21 . 2010-08-17 13:17 58880 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2010-12-05 23:21 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-05 21:38 . 2010-12-05 21:38 -------- d-----w- C:\found.002
2010-12-01 23:37 . 2010-12-06 00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 04:07 . 2010-11-24 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 17:56 . 2009-11-07 03:17 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-11-18 18:12 . 2009-11-07 03:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2007-06-25 05:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-11-07 03:15 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2009-11-07 03:16 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-11-07 03:15 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-21 02:17 . 2009-08-17 18:30 40 ----a-w- C:\ZTWIN.BAT
2008-06-25 11:51 . 2008-06-25 11:51 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 06:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-08 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-08 81920]
"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2009-11-02 62952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-21 122368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-07 2780432]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lubnah\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/09/2009 6:20 PM 13360]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [23/09/2009 10:41 AM 121896]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [23/09/2009 10:41 AM 956968]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/09/2009 6:20 PM 69936]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [25/06/2009 6:17 PM 87328]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [25/06/2009 6:17 PM 116000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 3:23 PM 135664]
S2 SBAMSvc;AntiMalware;c:\program files\Common Files\Sunbelt\SBAMSvc.exe [8/09/2009 1:46 PM 1012040]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/08/2009 3:58 PM 93872]
S3 vbma012f;Virtual Bus for Microsoft ACPI-Compliant System; [x]
S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:23]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:23]

2010-12-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 06:50]

2010-12-23 c:\windows\Tasks\User_Feed_Synchronization-{0D7654D3-C6AF-4895-B3E3-901C128F42A7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2769726
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 06:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\bigpond\security\App\syssvcnt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\bigpond\security\app\Console.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-12-24 06:16:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-23 19:16
ComboFix2.txt 2010-12-23 11:30
ComboFix3.txt 2010-12-05 22:15

Pre-Run: 99,439,013,888 bytes free
Post-Run: 99,573,055,488 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 42B27A7394A2C5C897CE01CB8300E301
 
Please continue on with the procedures. Let's try something to see if it will fix the Windows Installer error.

1. Click Start, and then click Run
2. In the Open box, type cmd, and then click OK
3. At the command prompt, type msiexec.exe /unregister, and then press ENTER.
4. Type msiexec /regserver, and then press ENTER.

Then try uninstalling those entries again. If it still doesn't work, then do the following for the Java entry.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Let me know if you still can't uninstall those last 2 programs. I can give you another combofix script to remove ask toolbar and possibly adobe.
 
4.

Rerun a malwarebytes scan after you update it of course and then post its log along with a fresh hijackthis log.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5384

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/12/2010 10:28:15 AM
mbam-log-2010-12-24 (10-28-15).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 400056
Time elapsed: 3 hour(s), 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\pragmaixvpfpcbcv\pragmac.dll.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\pragmaixvpfpcbcv\pragmad.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\usrini~1.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\xuoc7s317u.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Yusuf\application data\Cyyru\kasu.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\Yusuf\application data\Onzado\issup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\Yusuf\application data\Rotuev\uxvay.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\Yusuf\application data\Sun\Java\deployment\cache\6.0\10\74ea9d4a-74943b9e (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{56af33ab-4836-4b5a-9887-25b6813b0b1d}\RP408\A0375581.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{56af33ab-4836-4b5a-9887-25b6813b0b1d}\RP408\A0375583.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{56af33ab-4836-4b5a-9887-25b6813b0b1d}\RP408\A0375584.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\system volume information\_restore{56af33ab-4836-4b5a-9887-25b6813b0b1d}\RP443\A0386397.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{56af33ab-4836-4b5a-9887-25b6813b0b1d}\RP443\A0386398.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{56af33ab-4836-4b5a-9887-25b6813b0b1d}\RP445\A0388623.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.




Fresh hijackthis log to come...
 
4.

Rerun a malwarebytes scan after you update it of course and then post its log along with a fresh hijackthis log.

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:52 AM, on 24/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\bigpond\security\app\Console.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lubnah\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2769726
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\bigpond\security\App\popupbho01.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: BigPond Security Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\bigpond\security\App\popupbho01.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [ESP] C:\Program Files\bigpond\security\app\start.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: AntiMalware (SBAMSvc) - Unknown owner - c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: vseamps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: XoftSpyService - Unknown owner - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (file missing)

--
End of file - 12882 bytes
 
I'm at work now so can't post much, but rerun HijackThis and place checks next to both O6 entries and then click on Fix checked at the bottom. Have you tried that procedure yet to get Windows Installer fixed?
 
Hello,

My scanner in my printer is not working. Do you know what could have caused this? Do you know if there is any way to fix this? I've turned the printer on/off and rebooted my computer numerous times; however, the scanner still won't work. I don't really know what else to say about the problem.

Also, I would like to say thanks for all the help you've given me so far, I really appreciate it. It's nice to see a person who helps someone for the sake of helping and not to gain money or other forms of materialistic wealth. John35, what were your motivations to join a site such as this without asking anything else in return from those who you have helped so much over the years?
 
Download and run revouninstaller and see if it can get rid of adobe reader and ask toolbar.

http://www.revouninstaller.com/

Just make sure you scan and delete any existing leftover entries.

As far as your printer goes, try reinstalling the software for it.

I do this because I enjoy doing it. I always enjoy helping people.

Also it may help to reinstall windows installer.

http://www.microsoft.com/downloads/...6f-60b6-4412-95b9-54d056d6f9f4&displaylang=en

click on the download button next to where it says "WindowsXP-KB942288-v3-x86.exe"
 
Download and run revouninstaller and see if it can get rid of adobe reader and ask toolbar.

http://www.revouninstaller.com/

Just make sure you scan and delete any existing leftover entries.

Yep, done.


Also it may help to reinstall windows installer.

http://www.microsoft.com/downloads/...6f-60b6-4412-95b9-54d056d6f9f4&displaylang=en

click on the download button next to where it says "WindowsXP-KB942288-v3-x86.exe"

I tried doing this however something stopped the installation. A message popped up saying:

The file c:\windows\systems32\msiexec.exe is open or in use by another application.

Close all other applications then click retry.

retry| cancel


I only had a few internet webpages open when I tried to do this, so I'm not sure how the file above is said to be open.
 
Also now I have adobe files which I have downloaded in the past which I cannot open. I think I have Adobe Shockwave Player 11.5 and Adobe Flash Player 10 ActiveX. But I don't think these allow me to open the adobe files and I can't open them. When I double click an adobe file in an attempt to open the file it says:

Windows cannot open this file:

adobefile[1].pdf

To open this file, Windows needs to know what program created it. Windows can go online to look it up automatically, or you can manually select from a list of the programs on your computer.

What do you want to do?
- Use the Web service to find the appropriate program
- Select the program from a list

Ok | Cancel
 
There was also a small message at the top saying:
To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for more options...

I clicked download but still nothing came up.
 