
help antivirus 2009


21 replies to this topic

#1 alfred018


Posted 05 January 2009 - 10:46 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:03 PM, on 1/5/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\frmwrk32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ntdll64.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\System32\ntdll64.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchco.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\Run: [Kzalamolim] rundll32.exe "C:\WINDOWS\Kxogiya.dll",e
O4 - HKLM\..\Run: [Vyugoxehotep] rundll32.exe "C:\WINDOWS\ayowujonaf.dll",e
O4 - HKLM\..\Run: [9c38f018] rundll32.exe "C:\WINDOWS\System32\lpvoeiav.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [HideMyIP2008] C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
O4 - HKCU\..\Run: [74419538468059334338432673750037] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O20 - AppInit_DLLs: nghwpx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5765 bytes


I need help, please. I need to know what programs to download to rid me of this. I think I have every virus known to man.
I think I have Antivirus 2009 too, my brother did me up =(
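The helper in this thread reads the HijackThis log by eye. As an added example (not part of the post, and not a feature of HijackThis), the script below applies the same first-pass review to a few lines copied from the log above: Run entries that name a known rogue product, Run keys with auto-generated hex names, rundll32 loading a loose DLL straight out of the Windows directory, an unrecognised Winsock LSP sitting in a temp folder, a populated AppInit_DLLs value, and a service with no publisher or a missing binary. The rule set, the `Finding` class, `ROGUE_NAMES` and `WINDOWS_ROOTS` are assumptions of this example.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample input: a few lines in HijackThis v2 log format, copied from the
# log posted above. Everything else in this block (rules, names, thresholds) is an
# added illustration and is not part of HijackThis or of the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\Run: [Kzalamolim] rundll32.exe "C:\WINDOWS\Kxogiya.dll",e
O4 - HKLM\..\Run: [9c38f018] rundll32.exe "C:\WINDOWS\System32\lpvoeiav.dll",b
O4 - HKCU\..\Run: [74419538468059334338432673750037] C:\Program Files\Antivirus 2009\av2009.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O20 - AppInit_DLLs: nghwpx.dll
O23 - Service: dllmgr64 - Unknown owner - C:\WINDOWS\dllmgr64.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section id, e.g. "O4"
    reason: str   # why a reviewer should look at this line
    line: str     # the original log line


O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# rundll32.exe "<dll>",<export>   (quotes around the DLL path are optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.I)

# Rogue "security product" names seen in this thread; extend from your own intel.
ROGUE_NAMES = ("antivirus 2009", "antivirus pro 2009")
# Directories where a loose DLL started via rundll32 deserves a second look.
WINDOWS_ROOTS = {r"c:\windows", r"c:\windows\system32"}


def _check_o4(m: re.Match) -> list[str]:
    name, cmd = m.group("name"), m.group("cmd")
    reasons: list[str] = []
    if any(r in (name + " " + cmd).lower() for r in ROGUE_NAMES):
        reasons.append("Run entry refers to a known rogue security product")
    if re.fullmatch(r"[0-9a-f]{8,}", name.lower()):
        reasons.append("auto-generated (hex/digit) Run key name")
    rd = RUNDLL_RE.match(cmd)
    if rd:
        if ntpath.dirname(rd.group("dll")).lower() in WINDOWS_ROOTS:
            reasons.append("rundll32 loads a loose DLL from the Windows directory")
        if len(rd.group("export")) <= 1:
            reasons.append("rundll32 entry point is a one-letter export")
    return reasons


def triage_hijackthis(log_text: str) -> list[Finding]:
    """Return the log lines a reviewer should look at first, each with its reason."""
    findings: list[Finding] = []
    seen: set[str] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in seen:  # HijackThis repeats an O10 LSP line per protocol
            continue
        seen.add(line)
        section = line.split(" - ", 1)[0]
        reasons: list[str] = []
        if m := O4_RE.match(line):
            reasons = _check_o4(m)
        elif m := O10_RE.match(line):
            where = " in a temp directory" if "\\temp\\" in m.group("path").lower() else ""
            reasons.append("unrecognised Winsock LSP" + where)
        elif m := O20_RE.match(line):
            if m.group("dlls").strip():
                reasons.append("AppInit_DLLs is loaded into every process that uses user32.dll")
        elif m := O23_RE.match(line):
            if m.group("owner") == "Unknown owner":
                reasons.append("service binary has no publisher information")
            if "(file missing)" in m.group("path"):
                reasons.append("service points at a file that no longer exists")
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it with `python3` to print the flagged lines. Each rule is a review heuristic, not a verdict: some vendor components legitimately register via rundll32 with a DLL under System32, so a finding means "look here first", and the entries that carry several reasons at once (here the hex-named rundll32 entries) are the ones a helper would ask about before anything else.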


#2 fenzodahl512


Posted 06 January 2009 - 11:32 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.

Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 alfred018


Posted 06 January 2009 - 04:22 PM

log file
Logfile of random's system information tool 1.05 (written by random/random)
Run by Anthony at 2009-01-06 13:52:15
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 29 GB (76%) free of 38 GB
Total RAM: 639 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\yxhfdmvb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{909152AF-17D9-4DE7-B789-5A5F9949004B}]
C:\WINDOWS\System32\qoMdDSMg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-07-16 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-10-21 29696]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-27 271672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-11-15 1670144]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Aim6"= []
"HideMyIP2008"=C:\Program Files\Hide My IP 2008\HideMyIP2008.exe [2008-04-12 913408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkHWPfE]
jkkHWPfE.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\qoMdDSMg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-06 13:52:15 ----D---- C:\rsit
2009-01-06 13:19:51 ----D---- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2009-01-06 13:19:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-06 13:19:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 19:20:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-05 15:23:14 ----D---- C:\Program Files\Trend Micro
2009-01-03 16:57:45 ----ASH---- C:\WINDOWS\System32\phdicnwo.ini
2009-01-02 16:57:45 ----ASH---- C:\WINDOWS\System32\pauchpws.ini
2009-01-02 11:48:55 ----A---- C:\WINDOWS\ayowujonaf.dll
2009-01-01 16:54:19 ----ASH---- C:\WINDOWS\System32\nhbmljpi.ini
2009-01-01 16:48:35 ----A---- C:\WINDOWS\System32\971b3466-.txt
2009-01-01 16:48:14 ----ASH---- C:\WINDOWS\System32\gMSDdMoq.ini2
2009-01-01 16:48:14 ----ASH---- C:\WINDOWS\System32\gMSDdMoq.ini

======List of files/folders modified in the last 1 months======

2009-01-06 13:50:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 13:49:56 ----D---- C:\WINDOWS\System32\drivers
2009-01-06 13:49:56 ----D---- C:\WINDOWS\system32
2009-01-06 13:49:56 ----D---- C:\WINDOWS
2009-01-06 13:36:22 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 13:19:45 ----RD---- C:\Program Files
2009-01-06 12:57:06 ----D---- C:\WINDOWS\Temp
2009-01-06 12:56:19 ----D---- C:\Documents and Settings\Anthony\Application Data\AVG7
2009-01-06 08:24:53 ----RHD---- C:\$VAULT$.AVG
2009-01-05 23:45:57 ----D---- C:\WINDOWS\Prefetch
2009-01-05 23:08:53 ----D---- C:\WINDOWS\System32\config
2009-01-05 23:08:47 ----D---- C:\WINDOWS\System32\wbem
2009-01-05 23:08:46 ----D---- C:\WINDOWS\Registration
2009-01-05 20:21:55 ----D---- C:\WINDOWS\System32\CatRoot2
2009-01-05 19:42:09 ----D---- C:\Documents and Settings\Anthony\Application Data\MSN6
2009-01-05 15:14:15 ----D---- C:\Program Files\Common Files\AOL
2009-01-05 15:14:10 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-01-05 15:13:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-05 15:13:33 ----D---- C:\Program Files\LimeWire
2009-01-05 07:48:51 ----A---- C:\WINDOWS\System32\userinit.exe
2009-01-02 14:39:40 ----D---- C:\Program Files\Starcraft
2009-01-01 16:43:20 ----SD---- C:\WINDOWS\Tasks
2008-12-27 22:17:49 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-27 21:44:43 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-25 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-15 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-15 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-15 4960]
R3 atirage3;atirage3; C:\WINDOWS\System32\DRIVERS\atimpae.sys [2001-08-17 75136]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-07-11 121856]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-10-21 24671]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-10-21 38691]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\System32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-16 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaqudaorxa.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-07-16 9600]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-14 22656]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-02 611664]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-25 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-15 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-21 406528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-27 501048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 SecureSrv;SecureSrv; C:\Program Files\Hide My IP 2008\SecureSrv.exe [2008-09-05 110880]

-----------------EOF-----------------

Edited by alfred018, 06 January 2009 - 04:59 PM.


#4 alfred018


Posted 06 January 2009 - 04:59 PM

info
info.txt logfile of random's system information tool 1.05 2009-01-06 13:52:19

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Antivirus Pro 2009-->C:\Program Files\AntivirusPro2009\Uninstall.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{CEAC229C-5264-4E63-BB52-95B7D1CC2C5A}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{CEAC229C-5264-4E63-BB52-95B7D1CC2C5A}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld-->MsiExec.exe /X{DD7C1079-A2CC-48FB-8208-1EE38C8C2FBA}
Chinese (Traditional) Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Go Go Gourmet - Chef of the Year (remove only)-->"C:\Program Files\Yahoo! Games\Go Go Gourmet - Chef of the Year\Uninstall.exe"
Hide My IP 2008-->"C:\Program Files\Hide My IP 2008\unins000.exe"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LimeWire 4.12.11-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\System32\nvumpu.exe UninstallGUI
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB911567-->"C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows XP Hotfix - KB912812-->"C:\WINDOWS\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918439-->"C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows XP Hotfix - KB925486-->"C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"

System event log

Computer Name: ANTHONY
Event Code: 7036
Message: The SSDP Discovery Service service entered the stopped state.

Record Number: 1067678
Source Name: Service Control Manager
Time Written: 20090106134753.000000-480
Event Type: information
User:

Computer Name: ANTHONY
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 1067677
Source Name: Service Control Manager
Time Written: 20090106134753.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ANTHONY
Event Code: 7036
Message: The SSDP Discovery Service service entered the stopped state.

Record Number: 1067676
Source Name: Service Control Manager
Time Written: 20090106134753.000000-480
Event Type: information
User:

Computer Name: ANTHONY
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 1067675
Source Name: Service Control Manager
Time Written: 20090106134753.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ANTHONY
Event Code: 7036
Message: The SSDP Discovery Service service entered the stopped state.

Record Number: 1067674
Source Name: Service Control Manager
Time Written: 20090106134753.000000-480
Event Type: information
User:

Application event log

Computer Name: ANTHONY
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.21601, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 94
Source Name: Application Hang
Time Written: 20070315231102.000000-480
Event Type: error
User:

Computer Name: ANTHONY
Event Code: 1002
Message: Hanging application StubInstaller.exe, version 1.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 93
Source Name: Application Hang
Time Written: 20070315231000.000000-480
Event Type: error
User:

Computer Name: ANTHONY
Event Code: 1001
Message: Fault bucket 219625717.

Record Number: 92
Source Name: Application Hang
Time Written: 20070315230732.000000-480
Event Type: error
User:

Computer Name: ANTHONY
Event Code: 1002
Message: Hanging application StubInstaller.exe, version 1.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 91
Source Name: Application Hang
Time Written: 20070315230731.000000-480
Event Type: error
User:

Computer Name: ANTHONY
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.21601, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 90
Source Name: Application Hang
Time Written: 20070315225706.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#5 alfred018

alfred018
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 06 January 2009 - 05:15 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 14:12:08
Windows 5.1.2600 Service Pack 1


---- Kernel code sections - GMER 1.0.14 ----

? twuh.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[112] kernel32.dll!LoadLibraryExW + C4 77E6B790 4 Bytes [ 6C, 48, AA, 89 ]
.text C:\Program Files\Logitech\SetPoint\KEM.exe[412] kernel32.dll!LoadLibraryExW + C4 77E6B790 4 Bytes [ 6C, 48, E6, 88 ]
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!LoadLibraryExW + C4 77E6B790 4 Bytes [ 6C, 48, 25, 89 ]
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW + C4 77E6B790 4 Bytes [ 6C, 48, 1F, 88 ]
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW + C4 77E6B790 4 Bytes [ 6C, 48, C8, 88 ]
.text ...
.text C:\Documents and Settings\Anthony\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2172] kernel32.dll!FreeLibrary + 11 77E6A2C9 4 Bytes [ 6F, 5D, 89, F9 ]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2884] kernel32.dll!LoadLibraryExW + C4 77E6B790 4 Bytes [ 6C, 48, 21, 89 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Cdfs \Cdfs F880F3DF

---- EOF - GMER 1.0.14 ----


Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 1

1/6/2009 1:49:06 PM
mbam-log-2009-01-06 (13-49-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 73704
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 39

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dllmgr64 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kzalamolim (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vyugoxehotep (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Anthony\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lpvoeiav.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vaieovpl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\CCSPCFUD\VirusRemover2008_Setup_Free_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\CDEFGHU7\VirusRemover2008_Setup_Free_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\CDEFGHU7\VirusRemover2008_Setup_Free_en[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\CDEFGHU7\VirusRemover2008_Setup_Free_en[3].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\CDEFGHU7\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1606980848-1292428093-1801674531-1004\Dc74.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1606980848-1292428093-1801674531-1004\Dc75\av2009.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ADE1EF70-B7D8-4217-83AD-E14CDA21E0E8}\RP927\A0073254.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anmrgz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bvisxmkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iilllv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nekvpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nghwpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhwnpvrb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upwmxwxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjefheik.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\ivepewuk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaqjenokkl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekavvebvjeb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaytnaqanv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaqudaorxa.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:31 PM

Posted 07 January 2009 - 02:23 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Edited by fenzodahl512, 07 January 2009 - 02:24 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 alfred018

alfred018
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 07 January 2009 - 02:54 AM

ComboFix 09-01-06.02 - Anthony 2009-01-06 23:54:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.639.333 [GMT -8:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\Cookies\zetux.reg
c:\program files\Mozilla Firefox\plugins\npclntax.dll
c:\windows\system32\gMSDdMoq.ini
c:\windows\system32\gMSDdMoq.ini2
c:\windows\system32\i
c:\windows\system32\nhbmljpi.ini
c:\windows\system32\pauchpws.ini
c:\windows\system32\phdicnwo.ini
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DLLMGR64
-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 14:03 . 2009-01-06 14:03 250 --a------ c:\windows\gmer.ini
2009-01-06 13:54 . 2009-01-06 13:54 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-06 13:52 . 2009-01-06 13:52 <DIR> d-------- C:\rsit
2009-01-06 13:19 . 2009-01-06 13:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 13:19 . 2009-01-06 13:19 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-01-06 13:19 . 2009-01-06 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 13:19 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 13:19 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 15:23 . 2009-01-05 15:23 <DIR> d-------- c:\program files\Trend Micro
2009-01-02 11:48 . 2009-01-02 11:48 134,656 --a------ c:\windows\ayowujonaf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 20:56 --------- d-----w c:\documents and settings\Anthony\Application Data\AVG7
2009-01-06 03:42 --------- d-----w c:\documents and settings\Anthony\Application Data\MSN6
2009-01-05 23:14 --------- d-----w c:\program files\Common Files\AOL
2009-01-05 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-05 23:13 --------- d-----w c:\program files\LimeWire
2009-01-02 22:39 --------- d-----w c:\program files\Starcraft
2008-12-28 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-28 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-14 11:03 19,625 ----a-w c:\documents and settings\Anthony\Application Data\qezyte.exe
2008-11-14 11:03 19,555 ----a-w c:\program files\Common Files\lunanyl.scr
2008-11-14 11:03 18,277 ----a-w c:\program files\Common Files\ygep.com
2008-11-14 11:03 18,165 ----a-w c:\program files\Common Files\ehifema.scr
2008-11-14 11:03 17,741 ----a-w c:\windows\vabafaqiti.bat
2008-11-14 11:03 17,179 ----a-w c:\windows\akyvi.bin
2008-11-14 11:03 17,112 ----a-w c:\windows\ywefycymyw.scr
2008-11-14 11:03 15,672 ----a-w c:\windows\esokyz.sys
2008-11-14 11:03 14,905 ----a-w c:\windows\howynu.pif
2008-11-14 11:03 12,252 ----a-w c:\windows\jogo.com
2008-11-14 11:03 10,122 ----a-w c:\documents and settings\All Users\Application Data\laxixemino.sys
2007-02-23 19:47 65,107 ----a-w c:\program files\BlackBerry_Desktop_Software_Help.chm
2007-02-23 19:47 5,687 ----a-w c:\program files\readme.txt
2007-02-09 09:27 39,116 ----a-w c:\program files\ILSYNC.HLP
2007-02-09 09:27 28,887 ----a-w c:\program files\DESKTOP.HLP
2007-02-09 09:27 10,871 ----a-w c:\program files\desktop.cnt
2007-02-09 09:27 1,743 ----a-w c:\program files\ILSync.cnt
2007-02-09 07:20 4,318 ----a-w c:\program files\conn_install.cfg
2008-12-20 19:02 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 19:02 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 19:02 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 19:02 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 19:02 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2004-08-03 23:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
2009-01-05 07:48 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\userinit.exe
2009-01-05 07:48 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-11-15 1670144]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"HideMyIP2008"="c:\program files\Hide My IP 2008\HideMyIP2008.exe" [2008-04-12 913408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-27 271672]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-09-17 581632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2008\SecureSrv.exe [2008-10-01 110880]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-06-27 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-07 c:\windows\Tasks\yxhfdmvb.job
- c:\windows\system32\rundll32.exe [2003-07-16 12:43]
.
- - - - ORPHANS REMOVED - - - -

BHO-{909152AF-17D9-4DE7-B789-5A5F9949004B} - c:\windows\System32\qoMdDSMg.dll
HKCU-Run-Aim6 - (no file)
Notify-jkkHWPfE - jkkHWPfE.dll


.
------- Supplementary Scan -------
.
uStart Page = searchco.com/
mStart Page = hxxp://www.google.com
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\1ps13w6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:56:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\ODBC32.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\System32\dssenh.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-01-07 0:00:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 08:00:07

Pre-Run: 30,172,672,000 bytes free
Post-Run: 31,346,569,216 bytes free

168

Edited by alfred018, 07 January 2009 - 03:04 AM.


#8 alfred018

alfred018
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 07 January 2009 - 03:05 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:04 AM, on 1/7/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [HideMyIP2008] C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5112 bytes

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:31 PM

Posted 07 January 2009 - 03:38 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\ayowujonaf.dll
c:\documents and settings\Anthony\Application Data\qezyte.exe
c:\program files\Common Files\lunanyl.scr
c:\program files\Common Files\ygep.com
c:\program files\Common Files\ehifema.scr
c:\windows\vabafaqiti.bat
c:\windows\akyvi.bin
c:\windows\ywefycymyw.scr
c:\windows\esokyz.sys
c:\windows\howynu.pif
c:\windows\jogo.com
c:\documents and settings\All Users\Application Data\laxixemino.sys
c:\windows\Tasks\yxhfdmvb.job
c:\windows\web\related.htm

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


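The `File::` list in the CFScript above was picked by hand from the Find3M report in #7: every one of those files is an executable type with a random-looking name, and all of them were written in the same minute (2008-11-14 11:03) into unrelated directories. The following is an added example, not ComboFix's code and not the helper's script, that reproduces that selection from a constructed excerpt of the posted log and renders it in the `KillAll::`/`File::` format shown above; the "same minute, several directories" heuristic and the extension list are assumptions of this example, not ComboFix behaviour.

```python
import ntpath
import re
from collections import defaultdict

# Constructed excerpt of the Find3M report posted in #7 (a subset of its
# lines, in ComboFix's own layout: date time size attrs path).
SAMPLE_FIND3M = r"""
2009-01-06 20:56 --------- d-----w c:\documents and settings\Anthony\Application Data\AVG7
2009-01-05 23:13 --------- d-----w c:\program files\LimeWire
2008-11-14 11:03 19,625 ----a-w c:\documents and settings\Anthony\Application Data\qezyte.exe
2008-11-14 11:03 19,555 ----a-w c:\program files\Common Files\lunanyl.scr
2008-11-14 11:03 18,277 ----a-w c:\program files\Common Files\ygep.com
2008-11-14 11:03 17,741 ----a-w c:\windows\vabafaqiti.bat
2008-11-14 11:03 15,672 ----a-w c:\windows\esokyz.sys
2008-11-14 11:03 12,252 ----a-w c:\windows\jogo.com
2007-02-23 19:47 65,107 ----a-w c:\program files\BlackBerry_Desktop_Software_Help.chm
2007-02-23 19:47 5,687 ----a-w c:\program files\readme.txt
2008-12-20 19:02 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 19:02 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 19:02 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
"""

# One Find3M line: ISO date, HH:MM, a byte count with thousands separators
# (or dashes for a directory), a 7-character attribute field, then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]{7}) (?P<path>\S.*)$"
)

# Extensions Windows will run or load; a dropper writes these, a help file
# or a readme is not interesting here. (Assumed list for this example.)
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".bin", ".sys", ".pif", ".dll"}


def parse_find3m(text):
    """Return one dict per parseable Find3M line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "stamp": (d["date"], d["time"]),
            "size": None if d["size"].startswith("-")
                    else int(d["size"].replace(",", "")),
            "is_dir": d["attrs"].startswith("d"),
            "path": d["path"],
        })
    return entries


def same_minute_drops(entries, min_files=3, min_dirs=2):
    """Group executable files by the minute they were written and keep the
    groups that look like a dropper's work: at least `min_files` files
    scattered over at least `min_dirs` different directories. An ordinary
    installer (the Firefox components in the sample) also writes many files
    in one minute, but into its own directory, so it is not flagged."""
    by_minute = defaultdict(list)
    for e in entries:
        if e["is_dir"]:
            continue
        if ntpath.splitext(e["path"])[1].lower() not in EXEC_EXT:
            continue
        by_minute[e["stamp"]].append(e["path"])
    flagged = {}
    for stamp, paths in by_minute.items():
        dirs = {ntpath.dirname(p).lower() for p in paths}
        if len(paths) >= min_files and len(dirs) >= min_dirs:
            flagged[stamp] = sorted(paths)
    return flagged


def build_cfscript(paths):
    """Render the paths in the KillAll::/File:: layout used in #9 above."""
    return "KillAll::\n\nFile::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    drops = same_minute_drops(parse_find3m(SAMPLE_FIND3M))
    for stamp, paths in drops.items():
        print("cluster written at", *stamp)
        print(build_cfscript(paths))
```

Review the flagged cluster before using it: the heuristic only ranks candidates, and the final list in this thread was still the helper's judgement call.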

#10 alfred018

alfred018
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 07 January 2009 - 04:21 PM

ComboFix 09-01-07.01 - Anthony 2009-01-07 13:14:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.639.370 [GMT -8:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anthony\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Application Data\laxixemino.sys
c:\documents and settings\Anthony\Application Data\qezyte.exe
c:\program files\Common Files\ehifema.scr
c:\program files\Common Files\lunanyl.scr
c:\program files\Common Files\ygep.com
c:\windows\akyvi.bin
c:\windows\ayowujonaf.dll
c:\windows\esokyz.sys
c:\windows\howynu.pif
c:\windows\jogo.com
c:\windows\Tasks\yxhfdmvb.job
c:\windows\vabafaqiti.bat
c:\windows\web\related.htm
c:\windows\ywefycymyw.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\laxixemino.sys
c:\documents and settings\Anthony\Application Data\qezyte.exe
c:\program files\Common Files\ehifema.scr
c:\program files\Common Files\lunanyl.scr
c:\program files\Common Files\ygep.com
c:\windows\akyvi.bin
c:\windows\ayowujonaf.dll
c:\windows\esokyz.sys
c:\windows\howynu.pif
c:\windows\jogo.com
c:\windows\Tasks\yxhfdmvb.job
c:\windows\vabafaqiti.bat
c:\windows\web\related.htm
c:\windows\ywefycymyw.scr

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 13:16 . 2009-01-07 13:16 2,676 --a------ c:\windows\system32\win32hlp.cnf
2009-01-06 14:03 . 2009-01-06 14:03 250 --a------ c:\windows\gmer.ini
2009-01-06 13:54 . 2009-01-06 13:54 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-06 13:52 . 2009-01-06 13:52 <DIR> d-------- C:\rsit
2009-01-06 13:19 . 2009-01-06 13:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 13:19 . 2009-01-06 13:19 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-01-06 13:19 . 2009-01-06 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 13:19 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 13:19 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 15:23 . 2009-01-05 15:23 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 21:16 --------- d-----w c:\documents and settings\Anthony\Application Data\AVG7
2009-01-06 03:42 --------- d-----w c:\documents and settings\Anthony\Application Data\MSN6
2009-01-05 23:14 --------- d-----w c:\program files\Common Files\AOL
2009-01-05 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-05 23:13 --------- d-----w c:\program files\LimeWire
2009-01-02 22:39 --------- d-----w c:\program files\Starcraft
2008-12-28 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-28 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2007-02-23 19:47 65,107 ----a-w c:\program files\BlackBerry_Desktop_Software_Help.chm
2007-02-23 19:47 5,687 ----a-w c:\program files\readme.txt
2007-02-09 09:27 39,116 ----a-w c:\program files\ILSYNC.HLP
2007-02-09 09:27 28,887 ----a-w c:\program files\DESKTOP.HLP
2007-02-09 09:27 10,871 ----a-w c:\program files\desktop.cnt
2007-02-09 09:27 1,743 ----a-w c:\program files\ILSync.cnt
2007-02-09 07:20 4,318 ----a-w c:\program files\conn_install.cfg
2008-12-20 19:02 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 19:02 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 19:02 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 19:02 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 19:02 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_23.59.03.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 07:56:31 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 21:16:13 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-07 07:56:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 21:16:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-07 07:56:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 21:16:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-13 03:12:32 58,596 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-07 07:58:08 58,596 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-13 03:12:32 392,296 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-07 07:58:08 392,296 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-11-15 1670144]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"HideMyIP2008"="c:\program files\Hide My IP 2008\HideMyIP2008.exe" [2008-04-12 913408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-27 271672]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-09-17 581632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2008\SecureSrv.exe [2008-10-01 110880]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-06-27 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = searchco.com/
mStart Page = hxxp://www.google.com
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\1ps13w6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 13:16:33
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-01-07 13:18:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 21:18:30
ComboFix2.txt 2009-01-07 08:00:14

Pre-Run: 31,317,327,872 bytes free
Post-Run: 31,305,940,992 bytes free

170


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:18 PM, on 1/7/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [HideMyIP2008] C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4935 bytes
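An added triage script for the two logs in this post (example code written for this edit; it is not part of the thread and not code from HijackThis or ComboFix). It parses the R0/R1, O4, O9 and O23 line shapes of a HijackThis v2 log and the REGEDIT4-style "Reg Loading Points" block of a ComboFix log, and reports the things a reviewer checks first in output like the above: an IE start page with no URL scheme (searchco.com/), an O4 entry that is a bare file name (KHALMNPR.EXE) and so gets resolved through the search path, entries whose target file is missing, and a service HijackThis lists as "Unknown owner" because it could read no company name from the binary. It also reports the Security Center values in the ComboFix output: when set to 1 they silence the warnings Windows XP SP2's Security Center raises about antivirus, firewall and updates. Security Center only shipped with SP2, so on this SP1 machine nothing in the OS reads them, but rogue security software commonly writes them, which is why they are worth noting. The flagging rules are the example's own heuristics, and the sample lines are copied from the log above.

```python
"""Triage of HijackThis and ComboFix log lines (added example, not tool code)."""
import re
from dataclasses import dataclass

# HijackThis v2 line shapes (examples taken from the thread):
#   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchco.com/
#   O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
#   O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
R_RE = re.compile(r"^R[01] - (?P<key>[^=]+?) = (?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First absolute path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'(?i)"?([a-z]:\\[^"]*?\.(?:exe|dll|sys|pif|scr|com|bat|cmd))"?')
# Values under HKLM\...\Security Center that, when 1, silence the XP SP2
# Security Center warnings about antivirus, firewall and automatic updates.
SC_KEYS = {"antivirusoverride", "firewalloverride", "antivirusdisablenotify",
           "firewalldisablenotify", "updatesdisablenotify"}


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def triage_hjt(lines):
    """Return a Finding for each HijackThis line worth a second look."""
    out = []
    for raw in lines:
        line = raw.strip()
        if "(file missing)" in line:
            out.append(Finding(line, "entry points at a file that no longer exists"))
        elif (m := R_RE.match(line)):
            value = m["value"].strip().lower()
            if "start page" in m["key"].lower() and not value.startswith(("http://", "https://", "about:")):
                out.append(Finding(line, "start page without a URL scheme: set by hand or by a hijacker"))
        elif (m := O4_RE.match(line)):
            p = PATH_RE.search(m["cmd"])
            if p is None:
                out.append(Finding(line, "bare file name: resolved through the search path, easy to shadow"))
            elif p.group(1).lower().endswith((".pif", ".scr")):
                out.append(Finding(line, "unusual extension for an autostart entry"))
        elif (m := O23_RE.match(line)):
            if m["owner"].strip().lower() == "unknown owner":
                out.append(Finding(line, "HijackThis found no company name in the service binary"))
    return out


def triage_combofix_reg(lines):
    """Flag Security Center override/notify values set to 1 in a ComboFix
    'Reg Loading Points' block (REGEDIT4 syntax)."""
    out, key = [], ""
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # current registry key
        elif key.endswith("security center"):
            m = re.match(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', line, re.I)
            if m and m["name"].lower() in SC_KEYS and int(m["val"], 16) == 1:
                out.append(Finding(line, "Security Center warning suppressed under " + key))
    return out


# Sample lines copied from the HijackThis and ComboFix logs in the thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
""".strip().splitlines()

SAMPLE_CF = r"""
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_combofix_reg(SAMPLE_CF):
        print(f"{f.reason}\n    {f.line}")
```

Run against the full log it reports the start page, the bare KHALMNPR.EXE entry, both related.htm entries, SecureSrv, and the four Security Center values. None of these is a verdict; each is a place to look before deciding what to remove.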

#11 fenzodahl512

Posted 08 January 2009 - 01:16 AM

Manually find and delete this file..

c:\windows\system32\win32hlp.cnf


Your AVG7 is outdated and no longer supported by Grisoft. It has been replaced by AVG8. I strongly recommend that you uninstall your AVG7.5 and replace it with ONLY ONE of the free and excellent antivirus products below.


Then, do below...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run ComboFix once again.. Post these logs in your next reply.

1. ESET Online
2. ComboFix
3. Tell me, how's the computer now?



#12 alfred018 (Topic Starter)

Posted 09 January 2009 - 12:00 AM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3752 (20090108)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=88a789e1fa6f0341980b0d6b825a0990
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-09 04:49:05
# local_time=2009-01-08 08:49:05 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 1
# scanned=80275
# found=0
# scan_time=761

#13 alfred018 (Topic Starter)

Posted 09 January 2009 - 12:16 AM

ComboFix 09-01-08.02 - Anthony 2009-01-08 21:02:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.639.272 [GMT -8:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\windows media player\mplayer2.exe
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-08 20:11 . 2009-01-08 20:32 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-08 19:43 . 2009-01-08 19:43 <DIR> d-------- c:\program files\Alwil Software
2009-01-08 19:43 . 2003-03-18 12:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-08 12:37 . 2009-01-08 12:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-06 14:03 . 2009-01-06 14:03 250 --a------ c:\windows\gmer.ini
2009-01-06 13:54 . 2009-01-07 13:23 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-06 13:52 . 2009-01-06 13:52 <DIR> d-------- C:\rsit
2009-01-06 13:19 . 2009-01-06 13:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 13:19 . 2009-01-06 13:19 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-01-06 13:19 . 2009-01-06 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 13:19 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 13:19 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 15:23 . 2009-01-05 15:23 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 03:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-01-09 03:36 --------- d-----w c:\documents and settings\Anthony\Application Data\AVG7
2009-01-08 20:37 --------- d-----w c:\program files\Apple Software Update
2009-01-06 03:42 --------- d-----w c:\documents and settings\Anthony\Application Data\MSN6
2009-01-05 23:14 --------- d-----w c:\program files\Common Files\AOL
2009-01-05 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-05 23:13 --------- d-----w c:\program files\LimeWire
2009-01-02 22:39 --------- d-----w c:\program files\Starcraft
2008-12-28 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-28 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-14 11:03 15,991 ----a-w c:\windows\system32\ypugiporyx.pif
2008-11-14 11:03 13,701 ----a-w c:\windows\system32\yguj.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2007-02-23 19:47 65,107 ----a-w c:\program files\BlackBerry_Desktop_Software_Help.chm
2007-02-23 19:47 5,687 ----a-w c:\program files\readme.txt
2007-02-09 09:27 39,116 ----a-w c:\program files\ILSYNC.HLP
2007-02-09 09:27 28,887 ----a-w c:\program files\DESKTOP.HLP
2007-02-09 09:27 10,871 ----a-w c:\program files\desktop.cnt
2007-02-09 09:27 1,743 ----a-w c:\program files\ILSync.cnt
2007-02-09 07:20 4,318 ----a-w c:\program files\conn_install.cfg
2008-12-20 19:02 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 19:02 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 19:02 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 19:02 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 19:02 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_23.59.03.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 11:58:05 100,352 ----a-w c:\windows\$hf_mig$\KB922819\SP2GDR\6to4svc.dll
+ 2006-08-16 09:37:30 225,664 ----a-w c:\windows\$hf_mig$\KB922819\SP2GDR\tcpip6.sys
+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
+ 2006-08-16 10:13:39 225,664 ----a-w c:\windows\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
+ 2005-10-12 23:16:49 14,048 ----a-w c:\windows\$hf_mig$\KB922819\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w c:\windows\$hf_mig$\KB922819\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w c:\windows\$hf_mig$\KB922819\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w c:\windows\$hf_mig$\KB922819\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w c:\windows\$hf_mig$\KB922819\update\updspapi.dll
+ 2006-08-25 15:45:58 617,472 ----a-w c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB923191\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB923191\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB923191\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w c:\windows\$hf_mig$\KB923191\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w c:\windows\$hf_mig$\KB923191\update\updspapi.dll
+ 2006-08-14 10:34:41 332,928 ----a-w c:\windows\$hf_mig$\KB923414\SP2GDR\srv.sys
+ 2006-08-14 12:00:42 332,928 ----a-w c:\windows\$hf_mig$\KB923414\SP2QFE\srv.sys
+ 2005-10-12 23:16:49 14,048 ----a-w c:\windows\$hf_mig$\KB923414\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w c:\windows\$hf_mig$\KB923414\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w c:\windows\$hf_mig$\KB923414\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w c:\windows\$hf_mig$\KB923414\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w c:\windows\$hf_mig$\KB923414\update\updspapi.dll
+ 2006-09-13 05:01:56 1,084,416 ----a-w c:\windows\$hf_mig$\KB924191\SP2GDR\msxml3.dll
+ 2006-09-13 05:07:01 1,084,416 ----a-w c:\windows\$hf_mig$\KB924191\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB924191\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB924191\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB924191\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w c:\windows\$hf_mig$\KB924191\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w c:\windows\$hf_mig$\KB924191\update\updspapi.dll
+ 2006-09-04 06:08:01 1,494,016 ----a-w c:\windows\$hf_mig$\KB924496\SP2GDR\shdocvw.dll
+ 2006-09-04 06:12:56 1,497,088 ----a-w c:\windows\$hf_mig$\KB924496\SP2QFE\shdocvw.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB924496\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB924496\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB924496\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w c:\windows\$hf_mig$\KB924496\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w c:\windows\$hf_mig$\KB924496\update\updspapi.dll
- 2008-10-01 08:19:41 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-01-09 04:19:15 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-10-01 08:19:55 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-01-09 04:19:35 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-10-01 08:19:56 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-01-09 04:19:36 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-10-01 08:19:57 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-09 04:19:39 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-10-01 08:19:50 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-01-09 04:19:30 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-10-01 08:19:37 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-09 04:19:06 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-10-01 08:19:37 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-01-09 04:19:06 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-10-01 08:20:03 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-01-09 04:19:53 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-10-01 08:19:44 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-09 04:19:21 5,029,888 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-10-01 08:19:41 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-01-09 04:19:14 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-10-01 08:19:36 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-01-09 04:19:06 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-10-01 08:19:38 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-01-09 04:19:09 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-10-01 08:19:53 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-09 04:19:34 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-10-01 08:19:54 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-09 04:19:34 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-10-01 08:19:55 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-01-09 04:19:35 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-10-01 08:19:39 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-01-09 04:19:10 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-10-01 08:19:40 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-01-09 04:19:11 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-10-01 08:19:40 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-01-09 04:19:12 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-10-01 08:19:40 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-01-09 04:19:13 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-10-01 08:19:39 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-09 04:19:10 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-10-01 08:20:05 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-01-09 04:19:59 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-10-01 08:20:05 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-01-09 04:19:58 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-10-01 08:19:35 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-01-09 04:19:03 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-10-01 08:20:04 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-09 04:19:56 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-10-01 08:20:06 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-01-09 04:20:00 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-10-01 08:19:36 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-01-09 04:19:05 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-10-01 08:19:35 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-01-09 04:19:04 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-10-01 08:19:36 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-01-09 04:19:04 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-10-01 08:20:00 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-01-09 04:19:45 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-10-01 08:19:42 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-01-09 04:19:16 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-10-01 08:20:00 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-01-09 04:19:46 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-10-01 08:19:58 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-01-09 04:19:40 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-10-01 08:19:38 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-01-09 04:19:08 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-10-01 08:19:52 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-09 04:19:33 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-10-01 08:19:43 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-01-09 04:19:18 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-10-01 08:19:42 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-09 04:19:17 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-10-01 08:19:43 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-01-09 04:19:19 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-10-01 08:20:02 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-09 04:19:50 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-10-01 08:19:58 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-09 04:19:41 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-10-01 08:20:03 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-09 04:19:52 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-10-01 08:19:59 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-09 04:19:42 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-10-01 08:20:00 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-09 04:19:44 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-10-01 08:19:41 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-09 04:19:15 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-10-01 08:19:44 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-09 04:19:19 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-10-01 08:20:04 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-01-09 04:19:55 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-10-01 08:19:45 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-09 04:19:23 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-10-01 08:19:45 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-09 04:19:24 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-10-01 08:19:46 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-09 04:19:26 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-10-01 08:19:48 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-01-09 04:19:28 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-10-01 08:20:01 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-01-09 04:19:49 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-01-09 04:22:50 860,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a852c2e72d3ec94383c9b75fca4e724d\AspNetMMCExt.ni.dll
+ 2009-01-09 04:23:03 1,724,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\085f487961f2214c890e9154223bf98b\Microsoft.VisualBasic.ni.dll
+ 2009-01-09 04:15:44 10,723,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\835737d920acdc48af8f9a0a1f4282f7\System.Design.ni.dll
+ 2009-01-09 04:29:27 2,310,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\62159b1f679f56428f1e579cc88d5b91\System.Web.Mobile.ni.dll
+ 2009-01-09 04:29:33 1,945,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\566be090b41c834380da07cf1162c56d\System.Web.Services.ni.dll
+ 2009-01-09 04:29:17 11,845,632 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e6cf018191444f43a80df42a9a6758e7\System.Web.ni.dll
+ 2008-10-01 08:19:58 368,640 ------w c:\windows\assembly\temp\O96BCHINSX\System.Management.dll
+ 2009-01-08 20:37:57 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2007-07-27 23:49:02 196,683 ----a-w c:\windows\LastGood\System32\lnod32apiA.dll
+ 2007-07-27 23:49:02 225,355 ----a-w c:\windows\LastGood\System32\lnod32apiW.dll
+ 2005-12-06 04:25:22 139,264 ----a-w c:\windows\LastGood\System32\lnod32umc.dll
+ 2005-12-05 21:37:10 106,496 ----a-w c:\windows\LastGood\System32\lnod32upd.dll
+ 2007-08-03 02:11:28 253,952 ----a-w c:\windows\LastGood\System32\OnlineScannerDLLA.dll
+ 2007-08-03 02:11:14 241,664 ----a-w c:\windows\LastGood\System32\OnlineScannerDLLW.dll
+ 2007-08-06 21:17:40 19,456 ----a-w c:\windows\LastGood\System32\OnlineScannerLang.dll
+ 2007-06-13 19:10:34 77,824 ----a-w c:\windows\LastGood\System32\OnlineScannerUninstaller.exe
- 2005-09-23 14:28:32 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2006-04-14 14:08:30 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 14:28:32 29,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2006-09-13 01:10:46 23,040 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 14:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2006-09-13 01:11:12 5,029,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 14:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2006-09-13 01:10:46 300,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2003-07-16 20:25:38 557,056 ----a-w c:\windows\system32\comctl32.dll
+ 2006-08-25 15:53:55 561,664 ----a-w c:\windows\system32\comctl32.dll
- 2009-01-07 07:56:31 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-09 04:05:23 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-07 07:56:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-09 04:05:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-07 07:56:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-09 04:05:23 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2003-07-16 20:25:38 557,056 -c--a-w c:\windows\system32\dllcache\comctl32.dll
+ 2006-08-25 15:53:55 561,664 -c--a-w c:\windows\system32\dllcache\comctl32.dll
- 2003-07-16 20:37:04 1,122,304 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2006-09-13 05:09:16 1,110,528 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2003-05-30 17:00:02 1,246,208 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2005-08-30 16:14:00 1,227,776 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2006-04-21 05:24:28 321,536 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2006-08-14 08:59:20 321,536 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2006-04-21 05:24:28 321,536 ----a-w c:\windows\system32\drivers\srv.sys
+ 2006-08-14 08:59:20 321,536 ----a-w c:\windows\system32\drivers\srv.sys
- 2006-05-19 08:46:02 203,008 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2006-08-16 09:28:57 205,120 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2007-07-27 23:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 23:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 04:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 21:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
- 2006-09-11 17:37:22 8,960,936 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2007-08-03 02:11:28 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2007-08-03 02:11:14 241,664 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2007-08-06 21:17:40 19,456 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2007-06-13 19:10:34 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-11-13 03:12:32 58,596 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-09 04:20:26 58,596 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-13 03:12:32 392,296 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-09 04:20:26 392,296 ----a-w c:\windows\system32\perfh009.dat
- 2005-06-28 17:20:24 13,536 ----a-w c:\windows\system32\spmsg.dll
+ 2005-10-12 23:12:25 14,048 ------w c:\windows\system32\spmsg.dll
- 2004-12-07 17:11:00 258,352 ----a-w c:\windows\system32\unicows.dll
+ 2004-12-07 19:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
+ 2009-01-09 04:05:35 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5cc.dat
+ 2006-08-25 15:53:52 925,184 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
- 2008-10-01 08:19:37 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-09 04:19:06 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-10-01 08:19:37 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-01-09 04:19:06 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-11-15 1670144]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"HideMyIP2008"="c:\program files\Hide My IP 2008\HideMyIP2008.exe" [2008-04-12 913408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-27 271672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-09-17 581632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-08 111184]
R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2008\SecureSrv.exe [2008-10-01 110880]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-06-27 24652]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = searchco.com/
mStart Page = hxxp://www.google.com
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\1ps13w6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 21:03:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(736)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-01-08 21:04:15
ComboFix-quarantined-files.txt 2009-01-09 05:04:13
ComboFix2.txt 2009-01-07 21:18:37
ComboFix3.txt 2009-01-07 08:00:14

Pre-Run: 30,625,292,288 bytes free
Post-Run: 30,710,198,272 bytes free

358 --- E O F --- 2009-01-09 04:23:09

#14 alfred018

alfred018
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 09 January 2009 - 02:45 AM

Hey, I did all that you told me. Now when I restart my computer it logs me out, and every time I try to log back in it kicks me back out to the login screen. What do I do?

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:31 PM

Posted 09 January 2009 - 10:14 AM

1. Insert the Windows XP bootable CD into the computer.
2. When prompted to press any key to boot from the CD, press any key.
3. Once in the Windows XP setup menu press the "R" key to repair Windows.
4. Log into your Windows installation by pressing the "1" key and pressing enter.
5. You will then be prompted for your administrator password; enter that password, or just press Enter if you did not set a password.
6. Type the following at the command prompt. Make sure you type it correctly:

copy c:\windows\system32\dllcache\userinit.exe c:\windows\system32

Exit

7. Reboot the computer


Should that step fail, repeat the Recovery Console steps, but with this command:


copy c:\windows\ServicePackFiles\i386\userinit.exe c:\windows\system32

Exit


Reboot your computer and tell me more about it.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
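A defender's check to go with the two copy commands in the post above. This is an added example, not code from the thread or from any tool mentioned in it: it hashes system32\userinit.exe and compares it against the two reference copies that the Recovery Console commands restore from (system32\dllcache and ServicePackFiles\i386), so you can tell whether the file is missing, altered, or already identical to a known-good copy before and after the repair. It is Python rather than a Recovery Console command (the Recovery Console cannot run scripts), so run it from a working system or against an offline-mounted drive by passing that drive's Windows directory to check_userinit. The function names, the directory layout it builds for the demo and the sample file bytes are all assumptions constructed for this example.

```python
"""Hypothetical helper (not from the thread): verify system32\\userinit.exe
against the reference copies Windows XP keeps in dllcache and
ServicePackFiles\\i386, the same sources the Recovery Console 'copy'
commands restore from."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Reference copies, relative to the Windows directory (assumed XP layout).
REFERENCE_COPIES: List[Path] = [
    Path("system32") / "dllcache" / "userinit.exe",
    Path("ServicePackFiles") / "i386" / "userinit.exe",
]
TARGET = Path("system32") / "userinit.exe"

# Constructed stand-in content for the demo; not a real userinit.exe.
GOOD_BYTES = b"MZ constructed-good-userinit"


def sha256_of(path: Path) -> Optional[str]:
    """Return the SHA-256 hex digest of a file, or None if it is absent."""
    if not path.is_file():
        return None
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_userinit(windows_dir: Path) -> Dict[str, object]:
    """Compare system32\\userinit.exe with the reference copies.

    status: "missing", "matches-reference", "differs-from-reference" or
    "no-reference-available". restore_from is the first reference copy
    that exists, i.e. the source the Recovery Console copy would use.
    """
    windows_dir = Path(windows_dir)
    target_hash = sha256_of(windows_dir / TARGET)
    references: Dict[str, Optional[str]] = {
        rel.as_posix(): sha256_of(windows_dir / rel) for rel in REFERENCE_COPIES
    }
    available = [name for name, h in references.items() if h is not None]
    matches = [name for name in available if references[name] == target_hash]

    if target_hash is None:
        status = "missing"
    elif matches:
        status = "matches-reference"
    elif available:
        status = "differs-from-reference"
    else:
        status = "no-reference-available"

    return {
        "status": status,
        "target_sha256": target_hash,
        "references": references,
        "matches": matches,
        "restore_from": available[0] if available else None,
    }


def build_sample_tree(root: Path, target_bytes: Optional[bytes]) -> Path:
    """Build a constructed stand-in for c:\\windows under root.

    Both reference copies get GOOD_BYTES; the live target gets target_bytes,
    or is left out entirely when target_bytes is None.
    """
    windows_dir = root / "windows"
    for rel in REFERENCE_COPIES:
        path = windows_dir / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(GOOD_BYTES)
    if target_bytes is not None:
        target = windows_dir / TARGET
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(target_bytes)
    return windows_dir


def demo() -> Dict[str, str]:
    """Run the check over three constructed scenarios; return their statuses."""
    scenarios = {
        "intact": GOOD_BYTES,                          # same as the references
        "replaced": b"MZ constructed-modified-userinit",  # differs from them
        "missing": None,                               # file deleted
    }
    results: Dict[str, str] = {}
    tmp = Path(tempfile.mkdtemp())
    try:
        for name, content in scenarios.items():
            windows_dir = build_sample_tree(tmp / name, content)
            results[name] = str(check_userinit(windows_dir)["status"])
    finally:
        shutil.rmtree(tmp, ignore_errors=True)
    return results


if __name__ == "__main__":
    for scenario, status in demo().items():
        print(f"{scenario}: {status}")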




