
Unknown infection keeps Windows XP from starting up, reboots



#1 UncleGrubby

UncleGrubby

  • Members
  • 11 posts

Posted 27 January 2009 - 01:18 PM

Hi!

My computer got infected and I ran Malwarebytes Anti-Malware. It found infected items, removed them and then told me to restart to complete the process. I did so, and when the computer got to the point where it says "Windows is Starting Up" it inexplicably restarted after a few seconds. It did this over and over again until finally I shut off the computer.

Curious, I found I could start the computer in Safe Mode. However, I don't know what to do in Safe Mode to get it to boot normally. Please note that I have no way to get online with the infected computer because it will not allow me to do so. I think maybe this has something to do with Safe Mode as it won't let me access printer functions either. If that is not the case then this must be a real mess!

Here's my log:


DDS (Ver_09-01-19.01) - NTFSx86 MINIMAL
Run by Owner at 13:04:02.17 on Tue 01/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.259 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
L:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-us9.hpwis.com/
uDefault_Page_URL = hxxp://us9.hpwis.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearch Bar = hxxp://srch-us9.hpwis.com/
mDefault_Page_URL = hxxp://us9.hpwis.com/
mDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Page = hxxp://srch-us9.hpwis.com/
mStart Page = hxxp://us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Mirar: {dab97c5e-02b7-4aa0-9049-00db34076f6f} - c:\windows\system32\wincd77.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [cogad] "c:\documents and settings\owner\application data\cogad\cogad.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NAV CfgWiz] c:\progra~1\norton~1\Cfgwiz.exe /R
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
Notify: iifedcaw - iifedcaw.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
AppInit_DLLs: ntjkpy.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\innayynv.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\innayynv.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\innayynv.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S0 mkum;mkum;c:\windows\system32\drivers\odukol.sys --> c:\windows\system32\drivers\odukol.sys [?]
S0 yqerspnv;yqerspnv;c:\windows\system32\drivers\oengenyd.sys []
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-11-14 317128]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-11-15 100032]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20030610.007\NAVENG.Sys [2003-8-28 67800]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20030610.007\NavEx15.Sys [2003-8-28 531128]
S3 SAVRT;SAVRT;c:\windows\system32\drivers\savrt.sys [2002-7-26 235184]
S4 mrtRate;mrtRate; [x]
S4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\Navapsvc.exe [2002-11-15 116336]
S4 RPCH;Remote Procedure Call (HPM);c:\program files\netmeeting\nmwb.exe [2006-6-19 396800]
S4 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\Savrtpel.sys [2002-7-26 34992]

=============== Created Last 30 ================

2009-01-11 16:13 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-11 00:50 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-10 06:50 52,224 a------- c:\windows\system32\ljJYOiIb.dll
2009-01-10 06:42 52,224 a------- c:\windows\system32\awtuuRKb.dll
2009-01-10 06:37 <DIR> --d----- c:\docume~1\owner\applic~1\cogad
2009-01-08 16:58 1,242,112 a------- c:\windows\system32\csXImage.ocx
2009-01-08 16:58 402,848 a------- c:\windows\system32\btn32a20.ocx
2009-01-08 16:58 266,240 a------- c:\windows\system32\EZTiff.dll
2009-01-08 16:58 225,280 a------- c:\windows\system32\Btn32d20.dll
2009-01-08 16:58 204,800 a------- c:\windows\system32\ColorBox.ocx
2009-01-08 16:58 180,224 a------- c:\windows\system32\Eztwain3.dll
2009-01-08 16:58 151,552 a------- c:\windows\system32\EZPng.dll
2009-01-08 16:58 106,496 a------- c:\windows\system32\EZJpeg.dll
2009-01-08 16:58 49,152 a------- c:\windows\system32\EZPdf.dll
2009-01-08 16:58 <DIR> --d----- c:\program files\DVDCoverPrint
2009-01-08 16:57 260,096 a------- c:\windows\system32\richtx32.ocx
2009-01-08 16:57 238,080 a------- c:\windows\system32\fximg50g.ocx
2009-01-08 16:57 178,688 a------- c:\windows\system32\fxlbl50g.ocx
2009-01-08 16:57 118,784 a------- c:\windows\system32\EZGif.dll
2009-01-08 16:57 59,014 a------- c:\windows\system32\picn1820.ssm
2009-01-08 16:57 47,163 a------- c:\windows\system32\picn1320.ssm
2009-01-08 16:57 29,184 a------- c:\windows\system32\picn20.dll
2009-01-08 16:57 16,064 a------- c:\windows\system32\picn8220.ssm
2009-01-08 16:57 307,200 a------- c:\windows\system32\PolarZIPLight.dll
2009-01-08 16:57 122,880 a------- c:\windows\system32\fxtls532.dll
2009-01-08 16:57 115,920 a------- c:\windows\system32\MSINET.OCX
2009-01-08 16:57 153,088 a------- c:\windows\system32\UNWISE.EXE
2009-01-08 14:58 <DIR> --ds---- c:\documents and settings\owner\UserData
2009-01-03 21:59 <DIR> --d----- c:\program files\Paint.NET

==================== Find3M ====================

2009-01-15 19:23 98,304 a------- c:\windows\DUMP642d.tmp
2009-01-15 19:12 98,304 a------- c:\windows\DUMP6402.tmp
2009-01-15 19:02 98,304 a------- c:\windows\DUMP6425.tmp
2009-01-15 18:55 98,304 a------- c:\windows\DUMP6735.tmp
2009-01-15 18:52 98,304 a------- c:\windows\DUMP6610.tmp
2009-01-15 18:50 98,304 a------- c:\windows\DUMP6424.tmp
2009-01-15 18:47 98,304 a------- c:\windows\DUMP6423.tmp
2009-01-15 18:38 98,304 a------- c:\windows\DUMP63f6.tmp
2009-01-15 18:33 98,304 a------- c:\windows\DUMP643c.tmp
2009-01-15 18:06 98,304 a------- c:\windows\DUMP63f5.tmp
2009-01-15 18:03 98,304 a------- c:\windows\DUMP63f4.tmp
2009-01-15 17:56 98,304 a------- c:\windows\DUMP63e9.tmp
2009-01-15 17:53 98,304 a------- c:\windows\DUMP66d9.tmp
2009-01-15 17:50 98,304 a------- c:\windows\DUMP64aa.tmp
2009-01-14 21:49 98,304 a------- c:\windows\DUMP64b8.tmp
2009-01-14 21:10 98,304 a------- c:\windows\DUMP4390.tmp
2009-01-14 21:05 98,304 a------- c:\windows\DUMP6418.tmp
2009-01-14 21:04 98,304 a------- c:\windows\DUMP63e8.tmp
2009-01-14 20:24 98,304 a------- c:\windows\DUMP64e6.tmp
2009-01-14 20:23 98,304 a------- c:\windows\DUMP63e7.tmp
2009-01-14 20:14 98,304 a------- c:\windows\DUMP665e.tmp
2009-01-14 20:07 98,304 a------- c:\windows\DUMP64a9.tmp
2009-01-14 19:45 98,304 a------- c:\windows\DUMP63e6.tmp
2009-01-14 19:39 98,304 a------- c:\windows\DUMP63e5.tmp
2009-01-14 19:36 98,304 a------- c:\windows\DUMP6401.tmp
2009-01-14 19:33 98,304 a------- c:\windows\DUMP6400.tmp
2009-01-14 19:13 98,304 a------- c:\windows\DUMP67a6.tmp
2009-01-14 19:07 98,304 a------- c:\windows\DUMP666d.tmp
2009-01-14 18:35 98,304 a------- c:\windows\DUMP63e4.tmp
2009-01-14 18:32 98,304 a------- c:\windows\DUMP647f.tmp
2009-01-14 18:12 98,304 a------- c:\windows\DUMP666c.tmp
2009-01-14 18:06 98,304 a------- c:\windows\DUMP63e3.tmp
2009-01-14 17:58 98,304 a------- c:\windows\DUMP63d9.tmp
2009-01-14 17:52 98,304 a------- c:\windows\DUMP6417.tmp
2009-01-14 17:46 98,304 a------- c:\windows\DUMP63d8.tmp
2009-01-14 17:32 98,304 a------- c:\windows\DUMP66d8.tmp
2009-01-14 17:28 98,304 a------- c:\windows\DUMP63f3.tmp
2009-01-14 17:10 98,304 a------- c:\windows\DUMP661e.tmp
2009-01-14 17:06 98,304 a------- c:\windows\DUMP66f8.tmp
2009-01-14 16:53 98,304 a------- c:\windows\DUMP63d7.tmp
2009-01-14 16:41 98,304 a------- c:\windows\DUMP647e.tmp
2009-01-14 16:10 98,304 a------- c:\windows\DUMP668a.tmp
2009-01-14 16:06 98,304 a------- c:\windows\DUMP67a5.tmp
2009-01-14 15:32 98,304 a------- c:\windows\DUMP63d6.tmp
2009-01-14 15:31 98,304 a------- c:\windows\DUMP63d5.tmp
2009-01-14 15:20 98,304 a------- c:\windows\DUMP63d4.tmp
2009-01-14 15:10 98,304 a------- c:\windows\DUMP663f.tmp
2009-01-14 15:06 98,304 a------- c:\windows\DUMP66c9.tmp
2009-01-14 15:03 98,304 a------- c:\windows\DUMP63c9.tmp
2009-01-14 15:00 98,304 a------- c:\windows\DUMP63c8.tmp
2009-01-14 14:43 98,304 a------- c:\windows\DUMP6422.tmp
2009-01-14 14:42 98,304 a------- c:\windows\DUMP63c7.tmp
2009-01-14 14:40 98,304 a------- c:\windows\DUMP648c.tmp
2009-01-14 14:39 98,304 a------- c:\windows\DUMP63c6.tmp
2009-01-14 14:12 98,304 a------- c:\windows\DUMP642c.tmp
2009-01-14 14:09 98,304 a------- c:\windows\DUMP663e.tmp
2009-01-14 14:05 98,304 a------- c:\windows\DUMP67d2.tmp
2009-01-14 13:59 98,304 a------- c:\windows\DUMP6416.tmp
2009-01-14 13:49 98,304 a------- c:\windows\DUMP6415.tmp
2009-01-14 13:40 98,304 a------- c:\windows\DUMP63f2.tmp
2009-01-14 13:39 98,304 a------- c:\windows\DUMP6414.tmp
2009-01-14 13:33 98,304 a------- c:\windows\DUMP6499.tmp
2009-01-14 13:24 98,304 a------- c:\windows\DUMP63c5.tmp
2009-01-14 13:17 98,304 a------- c:\windows\DUMP646d.tmp
2009-01-14 13:09 98,304 a------- c:\windows\DUMP66eb.tmp
2009-01-14 13:05 98,304 a------- c:\windows\DUMP686e.tmp
2009-01-14 12:59 98,304 a------- c:\windows\DUMP63c4.tmp
2009-01-14 12:55 98,304 a------- c:\windows\DUMP63c3.tmp
2009-01-14 12:32 98,304 a------- c:\windows\DUMP64a8.tmp
2009-01-14 12:25 98,304 a------- c:\windows\DUMP63d3.tmp
2009-01-14 12:15 98,304 a------- c:\windows\DUMP63c2.tmp
2009-01-14 12:12 98,304 a------- c:\windows\DUMP6458.tmp
2009-01-14 12:09 98,304 a------- c:\windows\DUMP660f.tmp
2009-01-14 12:06 98,304 a------- c:\windows\DUMP63ba.tmp
2009-01-14 12:04 98,304 a------- c:\windows\DUMP644e.tmp
2009-01-14 12:01 98,304 a------- c:\windows\DUMP63b9.tmp
2009-01-14 11:55 98,304 a------- c:\windows\DUMP63f1.tmp
2009-01-14 11:50 98,304 a------- c:\windows\DUMP6067.tmp
2009-01-14 11:49 98,304 a------- c:\windows\DUMP642b.tmp
2009-01-14 11:36 98,304 a------- c:\windows\DUMP63b8.tmp
2009-01-14 11:32 98,304 a------- c:\windows\DUMP63f0.tmp
2009-01-14 11:23 98,304 a------- c:\windows\DUMP644d.tmp
2009-01-14 11:20 98,304 a------- c:\windows\DUMP63e2.tmp
2009-01-14 11:09 98,304 a------- c:\windows\DUMP6775.tmp
2009-01-14 11:07 98,304 a------- c:\windows\DUMP63b7.tmp
2009-01-14 11:04 98,304 a------- c:\windows\DUMP65b0.tmp
2009-01-14 10:51 98,304 a------- c:\windows\DUMP63c1.tmp
2009-01-14 10:47 98,304 a------- c:\windows\DUMP63c0.tmp
2009-01-14 10:41 98,304 a------- c:\windows\DUMP6087.tmp
2009-01-14 10:39 98,304 a------- c:\windows\DUMP642a.tmp
2009-01-14 10:38 98,304 a------- c:\windows\DUMP6413.tmp
2009-01-14 10:29 98,304 a------- c:\windows\DUMP63aa.tmp
2009-01-14 10:07 98,304 a------- c:\windows\DUMP6820.tmp
2009-01-14 10:03 98,304 a------- c:\windows\DUMP64a7.tmp
2009-01-14 10:00 98,304 a------- c:\windows\DUMP63a9.tmp
2009-01-14 09:54 98,304 a------- c:\windows\DUMP63a8.tmp
2009-01-14 09:52 98,304 a------- c:\windows\DUMP63a7.tmp
2009-01-14 09:38 98,304 a------- c:\windows\DUMP63a6.tmp
2009-01-14 09:37 98,304 a------- c:\windows\DUMP63a5.tmp
2009-01-14 09:22 98,304 a------- c:\windows\DUMP63b6.tmp
2003-08-28 22:16 32 a--sh--- c:\windows\{14B431FF-99E9-4C1E-8574-051F227CB5BD}.dat
2003-08-28 22:16 32 a--sh--- c:\windows\system32\{C6B785D4-A2EC-4320-AADD-7778E174E81D}.dat
2005-07-29 16:24 472 a--shr-- c:\windows\tmljaybqyxr0aw5zb24\nA53uV1ksrlXuqcWvZb.vbs

============= FINISH: 13:04:37.93 ===============
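Added example (not part of the original post, and not DDS or BleepingComputer tooling): a small Python triage script that applies, mechanically, the kind of heuristics a malware-response helper applies by eye to a log like the one above. It looks at the entry types that matter most for a machine dying at the logon stage: Winlogon Notify packages (loaded into winlogon.exe at logon) and AppInit_DLLs (loaded into every process that maps user32.dll) given as bare file names; boot-start (S0) drivers for which DDS printed no date or size; per-user Run entries under the profile directory with an opaque hex argument or an exe named after its own folder; freshly created DLLs in system32 with pseudo-random mixed-case names; and hidden script files. The rule names, the case-flip threshold in `looks_random`, and the one-entry Notify allowlist are my assumptions; the sample lines are excerpted from the posted log and are not a full copy of it.

```python
"""Heuristic triage of a DDS-style persistence log (Windows XP era)."""
import re
from dataclasses import dataclass

# Constructed input: lines excerpted from the DDS log posted above, chosen so
# that each rule below sees at least one hit and one benign neighbour.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [cogad] "c:\documents and settings\owner\application data\cogad\cogad.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
Notify: igfxcui - igfxsrvc.dll
Notify: iifedcaw - iifedcaw.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
AppInit_DLLs: ntjkpy.dll
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S0 mkum;mkum;c:\windows\system32\drivers\odukol.sys --> c:\windows\system32\drivers\odukol.sys [?]
S0 yqerspnv;yqerspnv;c:\windows\system32\drivers\oengenyd.sys []
2009-01-10 06:50 52,224 a------- c:\windows\system32\ljJYOiIb.dll
2009-01-10 06:42 52,224 a------- c:\windows\system32\awtuuRKb.dll
2009-01-08 16:58 266,240 a------- c:\windows\system32\EZTiff.dll
2005-07-29 16:24 472 a--shr-- c:\windows\tmljaybqyxr0aw5zb24\nA53uV1ksrlXuqcWvZb.vbs
"""

# Assumed allowlist: igfxsrvc.dll is the Intel graphics Notify package. Real
# triage would confirm by Authenticode signature or hash, not by name.
KNOWN_NOTIFY_DLLS = {"igfxsrvc.dll"}
SCRIPT_EXT = (".vbs", ".js", ".bat", ".cmd", ".wsf")

RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<key>\S+) - (?P<dll>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<val>.+)$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$")
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?:[\d,]+|<DIR>) (?P<attr>[-a-z]{8}) (?P<path>.+)$")
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


@dataclass(frozen=True)
class Finding:
    rule: str
    subject: str
    detail: str


def split_command(cmd):
    """Split a Run value into (exe, args), honouring a double-quoted exe path."""
    if cmd.startswith('"'):
        exe, _, args = cmd[1:].partition('"')
    else:
        exe, _, args = cmd.partition(" ")
    return exe, args.strip()


def looks_random(stem):
    """8 letters, no digits, mixed case with several case flips, e.g. ljJYOiIb."""
    if len(stem) != 8 or not stem.isalpha() or stem.islower() or stem.isupper():
        return False
    return sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:])) >= 2


def check_run(m):
    exe, args = split_command(m["cmd"])
    parts = exe.lower().split("\\")
    if "documents and settings" not in parts:  # only user-writable profile paths
        return None
    reasons = []
    if len(parts) > 1 and parts[-1].rsplit(".", 1)[0] == parts[-2]:
        reasons.append("exe name equals its folder name")
    if HEX_BLOB_RE.search(args):
        reasons.append("opaque hex argument")
    return Finding("run-from-profile", m["name"], "; ".join(reasons)) if reasons else None


def check_notify(m):
    dll = m["dll"].strip()
    if "\\" not in dll and dll.lower() not in KNOWN_NOTIFY_DLLS:
        return Finding("winlogon-notify", m["key"], f"bare DLL name {dll} not on allowlist")
    return None


def check_appinit(m):
    # AppInit_DLLs is normally empty; anything here is mapped into every
    # process that loads user32.dll.
    return Finding("appinit-dlls", m["val"].strip(), "non-empty AppInit_DLLs")


def check_service(m):
    # DDS prints the file's date and size in brackets; '[?]' or '[]' means it had nothing.
    if m["info"].strip() in ("", "?"):
        return Finding("driver-unverified", m["name"], f'{m["start"]} {m["path"]}')
    return None


def check_file(m):
    path, attr = m["path"], m["attr"]
    name = path.split("\\")[-1]
    stem, _, ext = name.rpartition(".")
    if "system32" in path.lower().split("\\") and ext == "dll" and looks_random(stem):
        return Finding("random-dll-system32", name, f'created {m["date"]}')
    if "h" in attr and name.lower().endswith(SCRIPT_EXT):  # 'h' = hidden attribute
        return Finding("hidden-script", name, f"attributes {attr}")
    return None


RULES = [(RUN_RE, check_run), (NOTIFY_RE, check_notify), (APPINIT_RE, check_appinit),
         (SVC_RE, check_service), (FILE_RE, check_file)]


def triage(text):
    """Return one Finding per log line that trips a rule; first matching parser wins."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        for regex, check in RULES:
            m = regex.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.subject:28} {f.detail}")
```

Run as-is it prints eight findings and stays silent on Google Update, the Intel and OmniPass Notify packages, the Ad-Aware service and EZTiff.dll. The point of the exercise is the ranking, not a verdict: name-based allowlists and case-flip counts are weak signals, and on a real case each flagged file would be confirmed by signature, hash lookup and a look at what else was created in the same minute (the log shows two random-named DLLs and the cogad folder all appearing within about fifteen minutes on 2009-01-10).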


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts

Posted 08 February 2009 - 11:00 PM

Hello, UncleGrubby
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts

Posted 13 February 2009 - 05:43 PM

Hello, UncleGrubby
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
