Infected with urqRHBts.dll and xxyvsSLd.dll and gadcom



#1 Mark7B


Posted 27 December 2008 - 06:49 PM

I had detected this infection and was unable to remove it by hand using file deletes/renames in safe mode command prompt along with regedit changes that mysteriously undid themselves moments later. You will see some references to the DLLs with an _dll extension. They are dupes I can delete from the registry by hand later. Gadcom was removed by AVG or AdAware more than once now but it keeps reappearing. Many thanks for your help!!!


DDS (Version 1.1.0) - NTFSx86
Run by Mark at 18:10:03.07 on Sat 12/27/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.225 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqRHBts.dll
BHO: {75f6120f-cfea-4174-b21e-ead637aa8f34} - c:\windows\system32\xxyvsSLd.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {95178a42-316d-63f8-3be4-e37cac3d8f3b}: {b3f8d3ca-c73e-4eb3-8f36-d61324a87159} - c:\windows\system32\horxgr._dll
BHO: {e025cfae-ab75-4bec-b506-aae84205e4b1} - c:\windows\system32\cbXQgdaY.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GetModule32] "c:\program files\getmodule\GetModule32.exe"
uRun: [gadcom] "c:\documents and settings\mark\application data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
uRun: [SpeedRunner] c:\documents and settings\mark\application data\speedrunner\SpeedRunner.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [70235bee] rundll32.exe "c:\windows\system32\okckijed.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: amaena.com
Trusted Zone: antimalwareguard.com
Trusted Zone: antispyexpert.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: spyguardpro.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
Trusted Zone: amaena.com
Trusted Zone: antimalwareguard.com
Trusted Zone: antispyexpert.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: spyguardpro.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
TCP: {E589FFE4-21E6-45C3-941B-99E750A29C7C} = 66.133.170.2,170.215.255.114
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: urqR-HBts - urqRHBts._dll
Notify: urqRHBts - urqRHBts.dll
AppInit_DLLs: avgrsstx.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqRHBts.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyvsSLd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\7hq3m8r1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-8 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-8 26824]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-8 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-8 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-8 76040]
R3 4mmdat;4mmdat;c:\windows\system32\drivers\4mmdat.sys [2008-12-6 12288]
R3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2008-12-6 70528]

=============== Created Last 30 ================

2008-12-27 17:55 1,306,974 ---sh--- c:\windows\system32\dejikcko.ini
2008-12-27 17:55 72,704 a------- c:\windows\system32\okckijed.dll
2008-12-27 17:52 129,024 a------- c:\windows\system32\ybsdrb.dll
2008-12-27 17:52 129,024 a------- c:\windows\system32\eyohpkjr.dll
2008-12-27 15:40 700,564 a--sh--- c:\windows\system32\dLSsvyxx.ini2
2008-12-27 15:40 700,564 a--sh--- c:\windows\system32\dLSsvyxx.ini
2008-12-27 15:39 302,592 a------- c:\windows\system32\xxyvsSLd.dll
2008-12-27 11:02 <DIR> --d----- c:\docume~1\mark\applic~1\SpeedRunner
2008-12-27 10:47 <DIR> --d----- c:\docume~1\mark\applic~1\gadcom
2008-12-27 10:47 34,816 a------- c:\windows\system32\urqRHBts.dll
2008-12-24 13:27 <DIR> --d----- c:\program files\DivX
2008-12-24 09:31 69 a------- c:\windows\NeroDigital.ini
2008-12-21 08:00 <DIR> --d----- c:\program files\Lavasoft
2008-12-21 07:59 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-19 17:28 <DIR> --d----- c:\program files\ExpressPCB
2008-12-17 19:26 245,248 a------- c:\windows\UNINST16.EXE
2008-12-17 07:33 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-14 12:29 1,911 a------- c:\windows\jzxxg48.ini
2008-12-14 09:47 <DIR> --d----- c:\program files\Power Tab Software
2008-12-14 09:30 1,417 a------- c:\windows\tefview.ini
2008-12-14 08:54 <DIR> --d----- c:\program files\AP Tuner
2008-12-14 08:52 <DIR> --d----- c:\program files\FreeRIP2
2008-12-14 08:12 218 a------- c:\windows\sailwave.ini
2008-12-14 08:08 964 a------- c:\windows\sailwav2.ini
2008-12-14 08:08 <DIR> --d----- c:\program files\Sailwave
2008-12-13 16:50 333 a------- c:\windows\PowerReg.dat
2008-12-13 16:49 <DIR> --d----- C:\Palm
2008-12-13 16:45 <DIR> --d----- c:\documents and settings\mark\WINDOWS
2008-12-13 16:26 <DIR> --d----- c:\windows\BBSTORE
2008-12-13 16:25 <DIR> --d----- c:\program files\Broderbund
2008-12-13 16:02 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-11 20:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-11 20:55 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-11 20:55 <DIR> --d----- c:\program files\iPod
2008-12-11 20:55 <DIR> --d----- c:\program files\iTunes
2008-12-11 20:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-11 20:54 <DIR> --d----- c:\program files\Bonjour
2008-12-09 21:14 210,944 a------- c:\windows\system32\Msvcrt10.dll
2008-12-09 21:14 65,536 a------- c:\windows\system32\adistres.dll
2008-12-09 21:14 20,584 a------- c:\windows\system32\PdfPorts.dll
2008-12-09 21:14 101,200 a------- c:\windows\system32\pdfshell.dll
2008-12-09 21:13 <DIR> --d----- c:\windows\system32\Adobe
2008-12-09 21:01 306,688 a------- c:\windows\IsUninst.exe
2008-12-09 20:55 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2008-12-09 20:55 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2008-12-09 20:54 106,496 a------- c:\windows\system32\TwnLib20.dll
2008-12-09 20:54 1,568,768 a------- c:\windows\system32\ImagX7.dll
2008-12-09 20:54 476,320 a------- c:\windows\system32\ImagXpr7.dll
2008-12-09 20:54 471,040 a------- c:\windows\system32\ImagXRA7.dll
2008-12-09 20:54 262,144 a------- c:\windows\system32\ImagXR7.dll
2008-12-09 20:54 155,648 a------- c:\windows\system32\NeroCheck.exe
2008-12-09 20:44 <DIR> --d----- c:\program files\Jasc Software Inc
2008-12-09 20:31 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-09 19:54 <DIR> --d----- c:\program files\ViewSonic
2008-12-09 19:53 88 a------- c:\windows\VSWizard.ini
2008-12-09 19:34 768 a------- c:\windows\system32\d3d8caps.dat
2008-12-08 21:08 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-08 21:08 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-08 21:08 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-08 21:08 <DIR> --d----- c:\docume~1\mark\applic~1\AVGTOOLBAR
2008-12-08 21:08 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-08 21:08 <DIR> --d----- c:\program files\AVG
2008-12-08 21:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-08 20:45 0 a------- c:\windows\frontpg.ini
2008-12-08 20:45 7,680 ac------ c:\windows\system32\dllcache\ftpctrs2.dll
2008-12-08 20:45 7,909 a------- c:\windows\system32\ftpctrs.ini
2008-12-08 20:45 7,680 a------- c:\windows\system32\ftpctrs2.dll
2008-12-08 20:45 2,549 a------- c:\windows\system32\ftpctrs.h
2008-12-08 20:43 <DIR> --d----- c:\windows\IIS Temporary Compressed Files
2008-12-08 20:41 9,216 ac------ c:\windows\system32\dllcache\wamps51.dll
2008-12-08 20:40 <DIR> --d----- c:\windows\system32\Logfiles
2008-12-08 20:40 <DIR> --d----- C:\Inetpub
2008-12-07 21:51 <DIR> --d----- c:\windows\system32\scripting
2008-12-07 21:51 <DIR> --d----- c:\windows\l2schemas
2008-12-07 21:51 <DIR> --d----- c:\windows\system32\en
2008-12-07 21:45 <DIR> --d----- c:\windows\network diagnostic
2008-12-07 21:37 336,753 a------- c:\windows\FenderStrat.jpg
2008-12-07 21:06 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2008-12-07 21:04 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-07 21:03 266,360 a------- c:\windows\system32\TweakUI.exe
2008-12-07 21:03 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2008-12-07 20:39 375,519 -c------ c:\windows\system32\dllcache\nuskin.wmv
2008-12-07 20:16 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-07 20:16 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-12-07 20:16 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-12-07 20:16 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-12-07 20:16 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 20:16 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 20:16 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 20:16 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 20:15 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-12-07 20:15 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 20:15 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-12-07 20:15 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 20:15 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-12-07 11:22 2,359,350 a------- c:\windows\vi.bmp
2008-12-07 11:22 2,359,350 a------- c:\windows\truecolors3.bmp
2008-12-07 08:10 316,640 a------- c:\windows\WMSysPr9.prx
2008-12-07 08:08 <DIR> --d----- c:\windows\peernet
2008-12-07 08:08 <DIR> --d----- c:\windows\provisioning
2008-12-07 08:06 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-07 08:00 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-07 07:56 <DIR> --d----- c:\windows\EHome
2008-12-06 21:51 11,264 a------- c:\windows\system32\spnpinst.exe
2008-12-06 21:51 7,208 a------- c:\windows\system32\secupd.sig
2008-12-06 21:51 4,569 a------- c:\windows\system32\secupd.dat
2008-12-06 21:51 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2008-12-06 21:27 1,082,368 a------- c:\windows\system32\esent.dll
2008-12-06 21:19 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-06 21:18 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-06 21:18 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-06 21:18 <DIR> --d-h--- c:\windows\$hf_mig$
2008-12-06 21:17 <DIR> --d----- c:\windows\system32\bits
2008-12-06 21:17 354,304 a------- c:\windows\system32\winhttp.dll
2008-12-06 21:17 18,944 a------- c:\windows\system32\qmgrprxy.dll
2008-12-06 21:17 8,192 a------- c:\windows\system32\bitsprx2.dll
2008-12-06 21:17 7,168 a------- c:\windows\system32\bitsprx3.dll
2008-12-06 21:12 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-06 21:12 213,528 a------- c:\windows\system32\wuaucpl.cpl
2008-12-06 21:12 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-06 21:12 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-06 21:12 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-06 20:54 <DIR> --dsh--- c:\documents and settings\mark\UserData
2008-12-06 20:33 <DIR> --d----- c:\program files\common files\L&H
2008-12-06 20:32 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-12-06 20:19 376 a------- c:\windows\ODBC.INI
2008-12-06 20:16 <DIR> --d----- c:\windows\ShellNew
2008-12-06 19:38 <DIR> --dsh--- c:\windows\Installer
2008-12-06 19:38 <DIR> --d----- c:\documents and settings\Mark
2008-12-06 19:37 13,588 a------- c:\windows\system32\wpa.bak
2008-12-06 19:32 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-06 19:29 205,824 ac------ c:\windows\system32\dllcache\EXCH_seo.dll
2008-12-06 19:28 5,632 ac------ c:\windows\system32\dllcache\kbdfa.dll
2008-12-06 19:27 57,399 ac------ c:\windows\system32\dllcache\cplexe.exe
2008-12-06 19:26 <DIR> --d----- c:\windows\system32\xircom
2008-12-06 19:25 2,577 a------- c:\windows\system32\CONFIG.NT
2008-12-06 19:25 0 a------- c:\windows\control.ini
2008-12-06 19:25 25,065 a------- c:\windows\system32\wmpscheme.xml
2008-12-06 19:25 23,392 a------- c:\windows\system32\nscompat.tlb
2008-12-06 19:25 16,832 a------- c:\windows\system32\amcompat.tlb
2008-12-06 19:25 299,552 a------- c:\windows\WMSysPrx.prx
2008-12-06 19:23 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-06 19:22 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-06 19:22 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-06 19:22 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-06 19:22 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-06 19:22 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-06 19:22 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-06 19:22 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-06 19:22 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-06 19:22 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-06 19:22 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-06 19:22 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-06 19:21 <DIR> --d----- c:\windows\system32\DirectX
2008-12-06 19:20 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-06 19:18 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-06 19:18 <DIR> --d----- c:\program files\Online Services
2008-12-06 19:18 <DIR> --d----- c:\program files\Messenger
2008-12-06 19:18 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-12-06 19:16 <DIR> --d----- c:\program files\Windows NT
2008-12-06 13:48 <DIR> --d----- c:\program files\common files\ODBC
2008-12-06 13:48 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-06 13:47 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-07 21:55 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-07 09:28 5,058 a------- c:\windows\help\hhcolreg.dat
2008-12-06 19:18 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll

============= FINISH: 18:12:14.37 ===============


#2 Mark7B


Posted 28 December 2008 - 12:53 PM

Some additional info... I have installed Spybot S&D and ran it. There were several Trojans I had it remove. Today I ran it again and some of them reappeared, so I removed them again (probably in vain).

I am now getting a windows security alert indicating Automatic Updates is turned off. On trying to turn it on, it goes back to the off state. I tried using the windows update link to run it from my be browser and get this:

The site cannot continue because one or more of these Windows services is not running:

Automatic Updates (allows the site to find, download and install high-priority updates for your computer)
Background Intelligent Transfer Service (BITS) (helps updates download more quickly and without problems if the download process is interrupted)
Event Log (keeps a record of updating activities to help with troubleshooting, if needed)
To make sure these services are running:
1. Click Start, and then click Run.
2. Type services.msc and then click OK.
3. In the list of services, double-click on Automatic Updates and then click Properties.
4. In the Startup type list, select Automatic and click Apply.
5. Verify that the Service status is started, if the Service Status is Stopped click on the Start Button.
6. In the list of services, double-click on Background Intelligent Transfer Service (BITS) and then click Properties.
7. In the Startup type list, select Manual and click Apply.
8. Verify that the Service status is started, If the Service Status is Stopped click on the Start Button.
9. In the list of services, double-click on Event Log and then click Properties.
10. In the Startup type list, select Automatic and click Apply.
11. Verify that the Service status is started, If the Service Status is Stopped click on the Start Button.


Attempting the instructions, when trying to start the Automatic Updates service, I get an error dialog box indicating:

Could not start the service on Local Computer. Error 1058: The service cannot be started because it is disabled or because it has not enabled devices.

On further inspection there are no enabled devices to see in the dependencies tab of the properties window.

This is getting mighty frustrating. I sincerely appreciate a quick assist.

#3 Mark7B


Posted 29 December 2008 - 10:46 AM

HiJackThis Team / Moderators,

Noticing the response time can be up to 2 weeks or so, I have elected to rebuild my box. This decision was in part due to my growing lack of trust that any cure would restore the true integrity of the machine, because it would appear things on the OS side were being altered.

Please mark this thread closed.

Happy new year.
Mark

#4 fenzodahl512


Posted 05 January 2009 - 09:35 AM

Thank you for notifying us. I will now close this topic. Please PM any Moderator or the HijackThis Team should you need to re-open this topic.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




