Don't Know =/

This topic is locked. 11 replies to this topic.

#1 tursup (Members, 51 posts, Gender: Male, Location: georgia)

Posted 01 June 2008 - 11:28 AM

My computer won't go into safe mode, I cannot access everything in my control panel, and my computer won't defrag either. I think I got the virus that attacks your exe files, or something (forgot the name of it), and I don't want to reformat... :thumbsup:



Deckard's System Scanner v20071014.68
Run by Logan on 2008-06-01 11:47:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-06-01 15:47:22 UTC - RP520 - Deckard's System Scanner Restore Point
10: 2008-06-01 15:20:44 UTC - RP519 - Installed Windows Internet Explorer 7.
9: 2008-06-01 15:18:49 UTC - RP518 - Installed Windows IDNMitigationAPIs.
8: 2008-06-01 15:18:21 UTC - RP517 - Installed Windows NLSDownlevelMapping.
7: 2008-06-01 15:17:36 UTC - RP516 - Installed Windows XP KB915865.


-- First Restore Point --
1: 2008-06-01 04:38:18 UTC - RP510 - Restore Operation


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Logan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:58 AM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Logan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Logan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {C3A817D2-F447-8293-119B-AB8F00262EC3} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Config/C..._hooking_xp.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2ADC3D0-7C9C-43F7-B60B-1FF487713691}: NameServer = 64.53.24.66,64.53.24.67
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcAQIya - efcAQIya.dll (file missing)
O20 - Winlogon Notify: iifebyxW - iifebyxW.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 10049 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080518-102308-547 O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
backup-20080518-102308-767 O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
backup-20080518-102308-850 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - unable to read value
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - DefaultIcon - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 amdk77 - c:\windows\system32\drivers\amdk77.sys
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: Grisoft
Name: Linksys Wireless-G PCI Adapter - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: Grisoft
Name: Intel® PRO/100 VE Network Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: Grisoft
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 11:27:34 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DFTCPB71-Logan).job
2008-05-30 18:30:00 366 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DFTCPB71-Logan Fleming).job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 11:05:01 0 d-------- C:\Program Files\Crawler
2008-06-01 10:19:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-01 10:18:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 10:18:41 0 d-------- C:\Documents and Settings\Logan\Application Data\SUPERAntiSpyware.com
2008-06-01 09:04:29 0 d-------- C:\Documents and Settings\Logan\Application Data\Malwarebytes
2008-06-01 09:04:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 09:04:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 00:35:14 0 dr-h----- C:\Documents and Settings\Logan\Recent
2008-05-31 23:41:45 0 d-------- C:\Documents and Settings\Logan Fleming\Application Data\Spyware Terminator
2008-05-31 22:12:09 0 d-------- C:\Program Files\WinClamAVShield
2008-05-30 17:54:11 115200 --a------ C:\WINDOWS\system32\jrtuirqb.dll
2008-05-29 22:06:29 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-29 17:53:08 115200 --a------ C:\WINDOWS\system32\qvrqdffq.dll
2008-05-28 17:47:53 132096 --a------ C:\WINDOWS\system32\knlwtmsd.dll
2008-05-28 17:44:46 124416 --a------ C:\WINDOWS\system32\jsrsdypx.dll
2008-05-28 12:40:45 0 d-------- C:\Documents and Settings\Logan\Application Data\AVGTOOLBAR
2008-05-28 12:14:11 0 d-------- C:\Program Files\Lavasoft
2008-05-28 12:14:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 12:12:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 17:42:25 116224 --a------ C:\WINDOWS\system32\vvdnqvev.dll
2008-05-26 19:00:04 0 d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-05-26 17:53:17 1169 --a------ C:\WINDOWS\mozver.dat
2008-05-26 17:20:01 0 d-------- C:\Documents and Settings\Logan\Application Data\Talkback
2008-05-26 17:18:31 0 d-------- C:\Documents and Settings\Logan\Application Data\Mozilla
2008-05-25 17:43:00 114176 --a------ C:\WINDOWS\system32\vevdggqx.dll
2008-05-25 17:40:00 802401 --ahs---- C:\WINDOWS\system32\UtssrBeg.ini2
2008-05-25 16:36:33 888563 --ahs---- C:\WINDOWS\system32\hRCKmUtv.ini2
2008-05-25 15:04:53 0 d-------- C:\Program Files\Marcos Velasco Security
2008-05-25 15:00:41 0 d-------- C:\Program Files\RegEditX
2008-05-25 13:56:42 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-25 13:56:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-25 13:56:36 0 d-------- C:\Documents and Settings\Logan\Application Data\Spyware Terminator
2008-05-25 13:56:27 0 d-------- C:\Program Files\Spyware Terminator
2008-05-25 01:05:21 115200 --a------ C:\WINDOWS\system32\xncxanrr.dll
2008-05-25 01:03:46 134656 --a------ C:\WINDOWS\system32\ctqwrdiw.dll
2008-05-25 01:02:18 891372 --ahs---- C:\WINDOWS\system32\WFeMWyay.ini2
2008-05-24 23:25:35 888688 --ahs---- C:\WINDOWS\system32\YIOoqtwa.ini2
2008-05-24 21:55:48 889328 --ahs---- C:\WINDOWS\system32\BLVwyGgh.ini2
2008-05-24 17:24:06 134656 --a------ C:\WINDOWS\system32\xjiqvfae.dll
2008-05-24 17:23:02 904754 --ahs---- C:\WINDOWS\system32\VxIhQqss.ini2
2008-05-24 17:18:13 0 d-------- C:\WINDOWS\system32\??curity
2008-05-24 17:17:57 0 d-------- C:\Documents and Settings\Logan\Application Data\??crosoft
2008-05-24 17:17:51 0 d-------- C:\WINDOWS\system32\vntiho01
2008-05-21 15:51:13 0 d--h----- C:\Documents and Settings\Logan Fleming\Local Settings
2008-05-21 15:51:13 0 dr------- C:\Documents and Settings\Logan Fleming\Favorites
2008-05-21 15:51:13 0 d-------- C:\Documents and Settings\Logan Fleming\Desktop
2008-05-21 15:51:13 0 d--hs---- C:\Documents and Settings\Logan Fleming\Cookies
2008-05-21 15:51:13 0 dr-h----- C:\Documents and Settings\Logan Fleming\Application Data
2008-05-21 15:51:13 0 d-------- C:\Documents and Settings\Logan Fleming\Application Data\Sun
2008-05-21 15:51:13 0 d-------- C:\Documents and Settings\Logan Fleming\Application Data\Sonic
2008-05-21 15:51:13 0 d---s---- C:\Documents and Settings\Logan Fleming\Application Data\Microsoft
2008-05-21 15:51:13 0 d-------- C:\Documents and Settings\Logan Fleming\Application Data\Jasc Software Inc
2008-05-21 15:51:13 0 d-------- C:\Documents and Settings\Logan Fleming\Application Data\Identities
2008-05-21 15:51:12 0 d--h----- C:\Documents and Settings\Logan Fleming\Templates
2008-05-21 15:51:12 0 dr------- C:\Documents and Settings\Logan Fleming\Start Menu
2008-05-21 15:51:12 0 dr-h----- C:\Documents and Settings\Logan Fleming\SendTo
2008-05-21 15:51:12 0 dr-h----- C:\Documents and Settings\Logan Fleming\Recent
2008-05-21 15:51:12 0 d--h----- C:\Documents and Settings\Logan Fleming\PrintHood
2008-05-21 15:51:12 2097152 --ah----- C:\Documents and Settings\Logan Fleming\NTUSER.DAT
2008-05-21 15:51:12 0 d--h----- C:\Documents and Settings\Logan Fleming\NetHood
2008-05-21 15:51:12 0 dr------- C:\Documents and Settings\Logan Fleming\My Documents
2008-05-18 10:53:29 0 d--h----- C:\$AVG8.VAULT$
2008-05-18 10:40:10 0 d-------- C:\Program Files\AVG
2008-05-18 10:40:08 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-18 10:07:59 1227 --ahs---- C:\WINDOWS\system32\cMWvyccf.ini2
2008-05-18 10:02:46 86144 -----n--- C:\WINDOWS\system32\drivers\amdk77.sys
2008-05-16 19:03:34 0 d--h----- C:\Documents and Settings\Logan\Application Data\ijjigame
2008-05-16 19:00:39 0 d-------- C:\ijji
2008-05-16 19:00:39 0 d-------- C:\ENGLISH
2008-05-16 18:34:35 704512 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>
2008-05-16 18:34:35 0 d-------- C:\Program Files\NHN USA
2008-05-01 21:03:20 0 d-------- C:\Program Files\SpeedFan


-- Find3M Report ---------------------------------------------------------------

2008-06-01 06:14:37 405504 --a------ C:\WINDOWS\system32\ati2evxx.exe <Not Verified; ATI Technologies Inc.; ATI External Event Utility for WindowsNT and Windows9X>
2008-06-01 03:12:38 0 d-------- C:\Program Files\Steam
2008-06-01 00:36:10 0 d-------- C:\Program Files\RegScrubXP
2008-05-31 22:10:21 53760 --a------ C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-28 12:38:28 0 d-------- C:\Program Files\Common Files
2008-05-28 12:38:27 0 d-------- C:\Documents and Settings\Logan\Application Data\??crosoft
2008-05-28 12:01:04 0 d-------- C:\Program Files\McAfee.com
2008-05-25 13:56:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-25 13:54:24 0 d-------- C:\Program Files\MUSICMATCH
2008-05-19 18:14:11 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-19 18:01:13 0 d-------- C:\Program Files\Macromedia
2008-05-19 17:56:17 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-18 16:12:09 0 d-------- C:\Program Files\Warcraft III
2008-05-18 10:58:28 0 d-------- C:\Program Files\Yahoo!
2008-04-02 15:43:39 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-26 18:15:58 1646592 --a------ C:\WINDOWS\system32\prmrsr.exe <Not Verified; PermissionResearch; PermissionResearch>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A817D2-F447-8293-119B-AB8F00262EC3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [05/25/2008 01:56 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/29/2008 10:06 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [05/31/2008 10:10 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [05/31/2008 10:10 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [05/31/2008 10:10 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [05/31/2008 10:10 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [06/01/2008 03:01 AM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [05/30/2008 01:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=01000000
"NoSaveSettings"=00000000
"ClearRecentDocsOnExit"=0000000000000000
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcAQIya]
efcAQIya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebyxW]
iifebyxW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBrsstU

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27f962e5-ba6b-11d9-a621-806d6172696f}]
AutoRun\command- D:\setup.exe

*Newly Created Service* - GTNDIS5



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8544 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-01 11:49:55 ------------

Edited by tursup, 01 June 2008 - 11:40 AM.
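The HijackThis section above is the thread's own data. As an added example (not code from the original post, from HijackThis or from Deckard's System Scanner), here is a small Python triage script that applies the checks a helper does by eye to lines copied from that log: entries whose backing file is gone ("(file missing)" / "(no file)"), Winlogon Notify and AppInit_DLLs injection points, services reported with "Unknown owner", and non-default DNS servers in the O17 line. The tag names and the rule set are my own choices, not a HijackThis feature.

```python
"""Triage a HijackThis 2.0 log for entries worth a second look.

Added example for this thread; the sample lines below are copied from
the log posted above.  Rules and tag names are the example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the HijackThis log in this thread (constructed sample input).
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{B2ADC3D0-7C9C-43F7-B60B-1FF487713691}: NameServer = 64.53.24.66,64.53.24.67",
    r"O20 - AppInit_DLLs: avgrsstx.dll",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O20 - Winlogon Notify: efcAQIya - efcAQIya.dll (file missing)",
    r"O20 - Winlogon Notify: iifebyxW - iifebyxW.dll (file missing)",
    r"O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe",
])


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    kind: str      # short tag used for grouping
    detail: str    # why a human should look at this line
    line: str      # the original log line


# O20 covers AppInit_DLLs and Winlogon Notify: both load a DLL into other processes.
INJECTION_SECTIONS = {"O20"}
MISSING_MARKERS = ("(file missing)", "(no file)")
_SECTION_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
_DNS_RE = re.compile(r"NameServer\s*=\s*([\d.,\s]+)$")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule applies."""
    m = _SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # Rule 1: persistence entry whose binary is gone (typical leftover of a
    # partially removed infection, or a name that changes on every reboot).
    if body.endswith(MISSING_MARKERS):
        return Finding(section, "missing-file",
                       "entry points at a file that no longer exists", line)
    # Rule 2: O17 carries the interface's DNS servers; confirm they are the ISP's.
    if section == "O17":
        dns = _DNS_RE.search(body)
        servers = [s.strip() for s in dns.group(1).split(",")] if dns else []
        return Finding(section, "dns-override",
                       "custom DNS servers " + ", ".join(servers) + "; confirm they belong to the ISP", line)
    # Rule 3: every DLL in an injection point must be identified, legitimate or not.
    if section in INJECTION_SECTIONS:
        return Finding(section, "injection-point",
                       "DLL loaded into other processes; identify it", line)
    # Rule 4: a service binary with no company/version info deserves a hash check.
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "unknown-owner",
                       "service binary carries no publisher info; verify its hash", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per tag, for a quick overview of the log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.kind}: {f.detail}\n    {f.line}")
    print(summarize(hits))
```

On the sample, the two Winlogon Notify entries with randomly named DLLs and the nameless BHO come out as `missing-file`, while the AVG AppInit_DLLs entry and the SUPERAntiSpyware Notify DLL are reported only as injection points to be identified; the script deliberately does not decide what is malicious, it narrows down what a human must check.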



#2 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Gender: Male, Location: Pickerington, Ohio)

Posted 01 June 2008 - 05:56 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tursup (Topic Starter, Members, 51 posts, Gender: Male, Location: georgia)

Posted 01 June 2008 - 07:30 PM

I think this is bad...

ComboFix 08-06-01.6 - Logan 2008-06-01 19:30:25.1 - NTFSx86
Running from: C:\Documents and Settings\Logan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.


:thumbsup:

#4 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Gender: Male, Location: Pickerington, Ohio)

Posted 02 June 2008 - 08:43 AM

That's all the log you got?

Check this link for info on how to get your recovery console installed.

http://www.bleepingcomputer.com/tutorials/how-to-install-the-windows-xp-recovery-console/


Then run Combofix again and post the log.

#5 tursup (Topic Starter, Members, 51 posts, Gender: Male, Location: georgia)

Posted 02 June 2008 - 09:17 AM

Won't let me install it..

"Setup cannot continue because the version of Windows on your computer is newer than the version on the CD.

Warning: If you decide to delete the newer version of Windows that is currently installed on your computer, the files and settings cannot be recovered."
:thumbsup:

#6 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Gender: Male, Location: Pickerington, Ohio)

Posted 02 June 2008 - 10:39 AM

Ok, we just need to take a different route, but we'll get there. :thumbsup:


Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.





Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

#7 tursup

tursup
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:georgia
  • Local time:04:13 PM

Posted 02 June 2008 - 12:07 PM

When I downloaded it, it didn't have a picture on it, it had that white square thing, and when I put it into ComboFix (which still has its picture) it said

Windows cannot find 'C:\WINDOWS\regedit.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Oh, and I cannot access cmd (says Windows cannot access this file. You may not have appropriate permissions to access this item)

or boot into safe mode

or go into the user accounts thing. I can go into Control Panel but it won't let me go into anything but Admin Tools, Folder Options, Fonts, Network Connections, Printers and Faxes, Scanners and Cameras, Scheduled Tasks, Taskbar and Start Menu, and Windows CardSpace

but for windows card space, taskbar and start menu, and folder options, it does not load up.. it gives me a list of files to load it up, but most of them don't have pictures.. oh and nothing in admin tools works...


(says Windows cannot find c:\windows\system32\rundll32.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
for the Control Panel things that it won't let me go into, and the user account thing)

hope that this helps...

Oh yeah, I downloaded the Norton free trial, and when I double-click on it, it says

"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."

=/ I'm thinking of reformatting, but I don't have the driver CDs. I have the Windows XP installation CD; do I need the driver CDs to reformat?

Edited by tursup, 02 June 2008 - 09:14 PM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:13 PM

Posted 03 June 2008 - 11:09 AM

Let's try this first.

Click Start -> Run -> sfc /scannow

Follow the prompts and insert your Windows XP disc if prompted.


Let me know how it goes.

#9 tursup

tursup
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:georgia
  • Local time:04:13 PM

Posted 03 June 2008 - 02:09 PM

Won't let me access it. Maybe the virus changed me to not be admin of the computer?
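A defender-side triage script for the symptoms tursup reports in #7 and the admin question in #9, added here as an example and not part of the original thread. It checks whether the three binaries the error messages name still exist on disk, whether the current account is an elevated administrator, and whether the standard Windows policy values and Image File Execution Options "Debugger" entries that govern those tools are set; the registry paths are the documented Windows ones, and the list of binaries is taken from the thread (it does not assert which of these caused tursup's errors).

```powershell
# Constructed triage script: checks the tools the thread reports as missing or blocked.
$systemRoot = $env:SystemRoot
$tools = @(
    (Join-Path $systemRoot 'regedit.exe'),
    (Join-Path $systemRoot 'system32\cmd.exe'),
    (Join-Path $systemRoot 'system32\rundll32.exe')
)

# 1. Do the binaries still exist on disk? (the thread's "Windows cannot find ..." errors)
#    Get-FileHash needs PowerShell 4 or later; the hash lets you compare against a clean host.
foreach ($path in $tools) {
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Write-Output ("present  {0}  SHA256={1}" -f $path, $hash)
    } else {
        Write-Output ("MISSING  {0}" -f $path)
    }
}

# 2. Is the current account actually running as a local administrator? (tursup's question in #9)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("running as {0}; elevated administrator: {1}" -f $identity.Name, $isAdmin)

# 3. Policy values that disable regedit and cmd for the user. These are legitimate Group Policy
#    settings; a non-zero value means the tool is blocked for this account.
$policies = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Key = 'HKCU:\Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
)
foreach ($p in $policies) {
    $value = (Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($null -ne $value -and $value -ne 0) {
        Write-Output ("POLICY   {0}\{1} = {2}" -f $p.Key, $p.Name, $value)
    }
}

# 4. Image File Execution Options: a 'Debugger' value under an executable's name makes Windows
#    start that program instead of the tool, so the tool appears missing or broken.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($path in $tools) {
    $name = Split-Path -Leaf $path
    $debugger = (Get-ItemProperty -Path (Join-Path $ifeo $name) -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($debugger) {
        Write-Output ("IFEO     {0} -> Debugger = {1}" -f $name, $debugger)
    }
}
```

Any MISSING, POLICY or IFEO line is a finding to compare against a known-clean machine before deciding between repair (sfc /scannow, a scan) and a rebuild.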

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:13 PM

Posted 04 June 2008 - 01:11 PM

Ok, let's go back and get rid of some malware first.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new log from DSS in your next reply.

#11 tursup

tursup
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male
  • Location:georgia
  • Local time:04:13 PM

Posted 04 June 2008 - 01:46 PM

I got frustrated dealing with the computer, so I decided to reformat it... and so far it seems to be working fine.

If anything goes wrong I'll be sure to tell you.

Thanks for helping me :thumbsup:

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:13 PM

Posted 05 June 2008 - 07:15 AM

Sounds good.

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.