Infection: Cannot download ComboFix?

It appears that my machine has caught an infection, and I am having difficulty cleaning it. This bug appears to be blocking my attempts to download ComboFix from the three known mirrors for the download. On the first attempt, my anti-virus pops up and DELETES the ComboFix download, calling it "WIN32/SillyDl.PRR". On subsequent attempts, Firefox says that it cannot make the connection to the website.

Attached are my logs from SAS, MBAM, and HJT.

Any help you can provide would be rather... um... helpful

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/28/2009 at 04:17 AM

Application Version : 4.32.1000

Core Rules Database Version : 4415
Trace Rules Database Version: 2243

Scan type : Complete Scan
Total Scan Time : 00:41:11

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 6080
Registry threats detected : 0
File items scanned : 65680
File threats detected : 2

Trojan.Agent/Gen-PEC
C:\WINDOWS\PEV.EXE

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID


Malwarebytes' Anti-Malware 1.42
Database version: 3443
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 2:40:02 AM
mbam-log-2009-12-28 (02-40-02).txt

Scan type: Quick Scan
Objects scanned: 121351
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.VICTOR\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\Local Settings\temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\Local Settings\temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:04 AM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1645522239-73586283-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET STATE Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5741 bytes


[Saving space, attachment deleted by admin]

Download on a different system and transfer to yours.

Downloaded ComboFix on my laptop and emailed it to myself. I was able to get it to run; however, I still believe I have a problem. I still can't download ComboFix on the infected computer. Included is the output from my combofix run.

ComboFix 09-12-27.02 - Owner 12/28/2009 12:58:35.6.2 - x86
Running from: c:\documents and settings\Owner.VICTOR\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-28 08:29 . 2009-12-28 08:29  --------  d-----w-  c:\program files\CCleaner
2009-12-28 08:04 . 2009-12-28 08:04  52224  ----a-w-  c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 08:04 . 2009-12-28 08:04  117760  ----a-w-  c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 08:04 . 2009-12-28 08:04  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 08:04 . 2009-12-28 08:04  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-12-28 08:04 . 2009-12-28 08:04  --------  d-----w-  c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com
2009-12-28 08:03 . 2009-12-28 08:03  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2009-12-28 07:57 . 2009-12-28 08:02  152576  ----a-w-  c:\documents and settings\Owner.VICTOR\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 07:35 . 2009-12-28 07:35  --------  d-----w-  c:\documents and settings\Owner.VICTOR\Application Data\Malwarebytes
2009-12-28 07:35 . 2009-12-03 21:14  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 07:35 . 2009-12-28 07:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 07:35 . 2009-12-28 07:35  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-12-28 07:35 . 2009-12-03 21:13  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-12-28 06:42 . 2009-12-28 06:42  --------  d--h--w-  c:\windows\PIF
2009-12-28 03:31 . 2009-12-28 08:32  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-28 03:31 . 2009-12-28 03:35  --------  d-----w-  c:\program files\Spybot - Search & Destroy
2009-12-16 04:09 . 2009-12-16 04:09  4096  ----a-w-  c:\windows\d3dx.dat
2009-12-16 04:09 . 2009-12-16 04:09  --------  d-----w-  c:\documents and settings\All Users\Application Data\Digital Praise
2009-12-16 04:03 . 2009-12-16 04:03  --------  d-----w-  c:\program files\Digital Praise

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 08:03 . 2009-05-04 00:34  411368  ----a-w-  c:\windows\system32\deploytk.dll
2009-12-28 08:02 . 2009-11-28 00:01  79488  ----a-w-  c:\documents and settings\Owner.VICTOR\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-28 07:58 . 2009-05-04 00:34  --------  d-----w-  c:\program files\Java
2009-12-28 06:03 . 2008-12-26 22:59  --------  d-----w-  c:\documents and settings\Owner.VICTOR\Application Data\uTorrent
2009-12-23 22:17 . 2008-12-08 04:23  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-11-28 00:01 . 2009-03-04 03:08  111856  ----a-w-  c:\windows\system32\isafprod.dll
2009-11-25 03:53 . 2009-11-25 03:50  --------  d-----w-  c:\program files\Wings Over Europe
2009-11-23 00:09 . 2008-12-09 03:26  --------  d-----w-  c:\program files\Sierra
2009-11-22 23:49 . 2009-11-22 23:49  --------  d-----w-  c:\documents and settings\Owner.VICTOR\Application Data\Command & Conquer 3 Tiberium Wars
2009-11-13 02:36 . 2009-11-13 02:25  --------  d-----w-  c:\documents and settings\Owner.VICTOR\Application Data\Juniper Networks
2009-11-13 02:25 . 2009-11-13 02:25  37021  ----a-w-  c:\documents and settings\Owner.VICTOR\Application Data\Juniper Networks\setup\uninstall.exe
2009-11-13 02:25 . 2009-11-13 02:25  --------  d-----w-  c:\documents and settings\All Users\Application Data\Juniper Networks
2009-11-08 03:56 . 2009-11-08 03:56  --------  d-----w-  c:\program files\Hasbro Interactive
2009-10-29 17:09 . 2009-03-04 03:08  739696  ----a-w-  c:\windows\system32\drivers\vetefile.sys
2009-10-29 17:09 . 2009-03-04 03:08  26352  ----a-w-  c:\windows\system32\drivers\vet-filt.sys
2009-10-29 17:09 . 2009-03-04 03:08  21488  ----a-w-  c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 17:09 . 2009-03-04 03:08  21104  ----a-w-  c:\windows\system32\drivers\vet-rec.sys
2009-10-29 17:09 . 2009-03-04 03:08  161008  ----a-w-  c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 17:09 . 2009-03-04 03:08  133520  ----a-w-  c:\windows\system32\drivers\veteboot.sys
2009-10-29 07:45 . 2006-02-28 12:00  916480  ------w-  c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00  75776  ----a-w-  c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00  25088  ----a-w-  c:\windows\system32\httpapi.dll
2009-10-20 21:49 . 2009-03-24 02:26  68648  ----a-w-  c:\documents and settings\Owner.VICTOR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 16:20 . 2006-02-28 12:00  265728  ----a-w-  c:\windows\system32\drivers\http.sys
2009-10-13 12:45 . 2009-03-31 23:02  1541416  ----a-w-  c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 10:30 . 2006-02-28 12:00  270336  ----a-w-  c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 12:00  149504  ----a-w-  c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 12:00  79872  ----a-w-  c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-11 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-28 271600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-15 324848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 20:46  79368  ----a-w-  c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-11-11 128240]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-15 222448]

.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Owner.VICTOR\Application Data\Mozilla\Firefox\Profiles\3fwv3dha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 13:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-73586283-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:85,f6,c4,aa,69,14,e7,25,b1,86,3b,13,3e,ee,37,b0,03,da,26,24,67,6e,62,
7f,7a,e2,e1,fa,86,e8,9e,d7,43,b6,24,de,1d,78,ec,e7,da,21,5e,cb,be,58,45,8a,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1645522239-73586283-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:cf,87,57,42,04,39,5c,cb,64,97,27,d9,b7,9e,e3,28,ec,cf,09,18,cb,
f3,45,62,90,ed,01,17,38,61,26,88,12,ed,b1,b4,29,b2,1b,4e,93,6b,85,8f,85,97,\
"rkeysecu"=hex:14,53,cf,21,8e,0b,7b,e8,17,15,a9,b0,01,ce,5b,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1404)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1724)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-28 13:01:41
ComboFix-quarantined-files.txt 2009-12-28 18:01
ComboFix2.txt 2009-12-28 17:52
ComboFix3.txt 2009-07-09 02:53

Pre-Run: 243,469,676,544 bytes free
Post-Run: 243,459,395,584 bytes free

- - End Of File - - FD521EC8A7D771D97A384333ED61C98F

Hi. Sorry for the delay. I'm waiting to check over your logs with my MENTOR. I hope this is not too much of a bother for you.

Where can I find the installation code because my keygen won't load?

Install code for what? Combofix is free and does not need a key. Also, we do not approve the use of software such as keygens in this forum, so you won't find any help about THAT here.

Hello jesusknight. I hope that you're not tired of waiting. I'm still working on your problem and I will post a fix for you ASAP.

I'm back. Sorry for the delay. I noticed in your HJT log that you are running a P2P file-sharing program (uTorrent) on your computer. While the program itself is probably safe, the files you download with this program are a major source of infections. Therefore, I strongly urge you to uninstall it.

Please delete ComboFix from your desktop and install a new version.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link # 1
Link # 2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
c:\windows\d3dx.dat
c:\documents and settings\Owner.VICTOR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT


3. Go to the Notepad WINDOW and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze


