Windows losing focus



#1 helpmeh


Posted 17 March 2009 - 03:49 PM

Howdy,

I ran Spybot, Malwarebytes' Anti-Malware and, I think, ComboFix on a machine about a week ago. It was having issues with popups fairly frequently, and they had all gone away. Today, windows being worked in would start losing focus, which I figure is something still on the machine. I was hoping someone could help.

Thanks in advance!

DDS (Ver_09-03-16.01) - NTFSx86
Run by awilliams at 12:20:04.65 on Tue 03/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.987 [GMT -7:00]

AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated)
FW: Trend Micro Client-Server Security Agent Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TEMP\WF18DD.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Dynamics\GP\Dynamics.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\3361\svchost.exe -sysrun
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HJT\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\awilliams\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reader_s] c:\documents and settings\awilliams\reader_s.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
mRunOnce: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xccstart.lnk - c:\windows\system\xccef090310.exe
IE: &Search - ?p=ZNfox000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236830866395
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: jcoovz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\awilli~1\applic~1\mozilla\firefox\profiles\pqd4rk6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

============= SERVICES / DRIVERS ===============

R2 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\OfcPfwSvc.exe [2007-7-26 282704]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2007-7-26 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2007-7-26 36368]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-8-28 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2007-8-28 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-8-28 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2007-8-28 10368]
R4 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys --> c:\windows\system32\drivers\pctfw2.sys [?]
RUnknown IKFileSec;IKFileSec; [x]
RUnknown IKSysFlt;IKSysFlt; [x]
RUnknown IKSysSec;IKSysSec; [x]
S0 ibqsolzj;ibqsolzj;c:\windows\system32\drivers\bbnkjil.sys --> c:\windows\system32\drivers\bbnkjil.sys [?]
S2 ASFIPmon;Broadcom ASF IP Monitor;"c:\program files\broadcom\asfipmon\asfipmon.exe" -service --> c:\program files\broadcom\asfipmon\AsfIpMon.exe [?]
S3 pcistub;pcistub;c:\windows\system32\pcistub.sys [2008-4-14 2304]

=============== Created Last 30 ================

2009-03-17 12:17 <DIR> --d----- C:\HJT
2009-03-17 11:47 <DIR> --d----- C:\VundoFix Backups
2009-03-17 11:35 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-17 11:34 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-11 23:56 3 a------- c:\windows\system32\bversion.dll
2009-03-11 23:45 32,256 ac------ c:\windows\system32\dllcache\brmfrsmg.exe
2009-03-11 23:45 32,256 a------- c:\windows\system32\BrmfRsmg.exe
2009-03-11 23:31 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-11 23:29 3 a------- c:\windows\system32\fhpatch.dll
2009-03-11 23:29 565,248 a------- c:\windows\system32\IPHACTION.dll
2009-03-11 23:19 0 -------- c:\windows\system32\IpSvchostF.dll
2009-03-11 22:41 40,960 a------- c:\windows\system32\tcpd.exe
2009-03-11 22:41 <DIR> --d----- c:\windows\system32\3361
2009-03-11 22:41 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-03-11 22:25 161,792 a------- c:\windows\SWREG.exe
2009-03-11 22:25 98,816 a------- c:\windows\sed.exe
2009-03-11 22:08 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 22:08 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 22:08 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-11 22:08 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 22:08 <DIR> --d----- C:\35aa1411758c1843bb1cecfebca4
2009-03-11 21:53 <DIR> --d----- C:\544963cb303bb90b80538c1a8f
2009-03-11 21:53 <DIR> --d----- C:\6de10eaddf0b91932a623d575bd6
2009-03-11 21:48 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-11 21:48 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-11 21:48 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-11 21:48 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-11 21:48 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-11 21:48 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-11 21:48 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-11 21:48 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-11 21:48 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-11 21:17 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-11 21:16 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-11 21:16 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-11 21:16 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-11 21:16 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-11 21:14 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-11 21:08 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-03-11 20:37 7,700,480 a------- c:\windows\system32\nvcpl.dll
2009-03-11 20:37 212,992 a------- c:\windows\system32\nvapi.dll
2009-03-11 20:37 35,840 a------- c:\windows\system32\nvcodins.dll
2009-03-11 20:37 35,840 a------- c:\windows\system32\nvcod.dll
2009-03-11 20:37 <DIR> --d----- c:\windows\system32\EVGA
2009-03-11 20:32 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-11 20:32 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-11 20:13 <DIR> --d----- C:\Intel
2009-03-11 20:12 49,152 a------- c:\windows\system32\DSndUp.exe
2009-03-11 20:12 45,056 -------- c:\windows\system32\CleanUp.exe
2009-03-11 18:09 13,646 a------- c:\windows\system32\wpa.bak
2009-03-11 17:47 143,422 ac------ c:\windows\system32\dllcache\softkey.dll
2009-03-11 17:46 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-03-11 17:45 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-03-11 17:43 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-11 17:43 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-11 17:43 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-11 17:43 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-03-11 17:43 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-03-11 17:43 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-03-11 15:52 39,936 ac------ c:\windows\system32\dllcache\msinfo32.exe
2009-03-11 15:51 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-03-11 15:51 380,416 ac------ c:\windows\system32\dllcache\rstrui.exe
2009-03-11 15:50 634,024 -c------ c:\windows\system32\dllcache\iexplore.exe
2009-03-11 15:48 11,264 ac------ c:\windows\system32\dllcache\fxssend.exe
2009-03-11 15:46 4,444 a------- c:\windows\system32\pid.PNF
2009-03-11 15:30 7,334 ac------ c:\windows\system32\dllcache\wmerrenu.cat
2009-03-11 15:30 16,535 a----r-- c:\windows\SET6F.tmp
2009-03-11 15:30 1,088,840 a----r-- c:\windows\SET63.tmp
2009-03-11 15:30 1,296,669 a----r-- c:\windows\SET60.tmp
2009-03-11 14:06 <DIR> --d----- c:\program files\LanqiEngine
2009-03-11 14:06 735,232 a------- c:\windows\system32\AdvOcr.dll
2009-03-11 14:06 94,208 a------- c:\windows\system32\TRSOCR.dll
2009-03-11 14:06 95 a------- c:\windows\system32\TRSOCR.ini
2009-03-11 14:04 32,137,216 a------- c:\windows\system32\TRSOCR.dat
2009-03-11 12:51 <DIR> --d----- c:\docume~1\awilli~1\applic~1\Malwarebytes
2009-03-11 12:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 12:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 12:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-11 12:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 12:06 6 a------- c:\windows\_id.dat
2009-03-11 12:06 130 a------- c:\windows\adobe.bat
2009-03-11 12:04 0 a------- c:\windows\2.ini
2009-03-11 11:59 244 a---h--- C:\sqmnoopt07.sqm
2009-03-11 11:59 232 a---h--- C:\sqmdata07.sqm
2009-03-11 11:58 244 a---h--- C:\sqmnoopt06.sqm
2009-03-11 11:58 232 a---h--- C:\sqmdata06.sqm
2009-03-11 11:58 244 a---h--- C:\sqmnoopt05.sqm
2009-03-11 11:58 232 a---h--- C:\sqmdata05.sqm
2009-03-11 10:19 2,145,005,568 a------- c:\windows\MEMORY.DMP
2009-03-11 09:41 172,032 a------- c:\windows\system32\tcpcon.dll
2009-03-11 09:41 10,240 a------- c:\windows\system32\Packer.dll
2009-03-11 09:40 1,990 a------- c:\windows\system32\1CD6.tmp
2009-03-11 09:39 <DIR> --d----- c:\windows\system32\inf
2009-03-11 09:39 130,150 a------- c:\windows\system32\adx.exe
2009-03-11 09:39 124 a------- c:\windows\system32\1CCA.tmp
2009-03-11 09:38 <DIR> --d----- c:\docume~1\awilli~1\applic~1\Messenger
2009-03-11 09:38 <DIR> --d----- c:\temp\atmp8
2009-03-11 09:38 <DIR> --d----- c:\windows\system32\zh3
2009-03-11 09:38 <DIR> --d----- c:\windows\system32\om5
2009-03-11 09:38 <DIR> --d----- c:\windows\system32\gt
2009-03-11 09:38 <DIR> --dsh--- C:\Temp
2009-03-11 08:20 <DIR> --d----- c:\windows\java

==================== Find3M ====================

2009-03-11 17:42 23,428 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2008-04-29 11:50 60,968 a------- c:\documents and settings\awilliams\GoToAssistDownloadHelper.exe
2008-08-01 15:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 12:20:29.85 ===============



#2 Thunder


Posted 24 March 2009 - 05:39 PM

Hello Helpmeh,

I'm afraid I have bad news for you :thumbup2:

I see you're dealing with Virut on your system. In that case, it's probably a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read why here:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.
I guess that's what's happening to you. Either reinfecting by use of infected data you backed up, or an infected external medium.
Make sure during reinstall you delete all partitions present on the hard drive, and use the (slower) deep format prior to creating new partitions !!

Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

If reinstalling is absolutely no option for you,
then we may attempt another solution, although the outcome will be dubious at best.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
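
The backup rule from the reply above, as an added example that is not part of the original post: a Python sketch that copies a profile folder while skipping the file types Thunder lists. The function names, the sample file tree, and the choice to test every dotted suffix (so a renamed `old.zip.bak` is also skipped) are assumptions of this example.

```python
import shutil
import tempfile
from pathlib import Path

# File types the reply says must NOT be backed up (may carry the infection).
EXCLUDED = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def is_excluded(path: Path) -> bool:
    """True if any dotted suffix of the name is on the excluded list.

    Comparison is case-insensitive (Windows file names are), and every
    suffix is checked, not only the last one. That second part is a
    conservative choice of this example, not something the post states.
    """
    return any(s.lower() in EXCLUDED for s in path.suffixes)


def safe_backup(src: Path, dst: Path):
    """Copy data files from src to dst, leaving excluded types behind.

    Returns (copied, skipped) as lists of paths relative to src, so the
    skipped list can be reviewed before the disk is wiped.
    """
    copied, skipped = [], []
    for item in sorted(src.rglob("*")):
        # Only regular files; links and directories are not copied as such.
        if item.is_symlink() or not item.is_file():
            continue
        rel = item.relative_to(src)
        if is_excluded(item):
            skipped.append(rel)
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(item, target)  # keeps timestamps
        copied.append(rel)
    return copied, skipped


def demo():
    """Run safe_backup over a constructed sample tree in a temp directory."""
    names = [
        "Documents/report.doc", "Pictures/cat.JPG", "Music/song.mp3",
        "Desktop/dds.SCR", "Downloads/setup.exe",
        "Documents/page.html", "Documents/old.zip.bak",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "profile"), Path(tmp, "backup")
        for name in names:
            f = src / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample data")
        copied, skipped = safe_backup(src, dst)
        return (sorted(p.as_posix() for p in copied),
                sorted(p.as_posix() for p in skipped))


if __name__ == "__main__":
    kept, left_behind = demo()
    print("copied :", kept)
    print("skipped:", left_behind)
```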