
HiJackThis - Please help diagnose my issue


  • This topic is locked
7 replies to this topic

#1 larrygm

larrygm

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 25 April 2009 - 08:21 AM

Attached please find the log created by the HijackThis software. I can boot the machine, but none of the software will run. I understand you are the folks in the know; I really need your help.

thanks



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:03:30 AM

Posted 25 April 2009 - 08:42 AM

Hello larrygm

Welcome to BleepingComputer :thumbup2:
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download the GMER Rootkit Scanner.
Click the Download exe button and save the randomly named file to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click randomlynamed.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 larrygm

Posted 25 April 2009 - 09:58 AM

Thank you for your prompt response. Here are the log files of the scans you requested I run. The GMER scan didn't really produce any data, and I didn't want to go any further without instruction.

Larry


#4 kahdah

Posted 25 April 2009 - 10:02 AM

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------
Rename it kahdah
Double click on kahdah.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Edited by kahdah, 25 April 2009 - 10:04 AM.


#5 larrygm

Posted 25 April 2009 - 10:18 AM

Every time I try to download and run Combofix I get an alert message that the package has been compromised with a file patching virus (Virut).

Is it safe to continue???

#6 kahdah

Posted 25 April 2009 - 11:12 AM

Well if that is true then there will be no recovery.
If Combofix runs it will tell me what I need to see.

Please before proceeding make a backup of non .exe files php .scr .html .asp.
Any file with these extensions may be infected.

You can hook up an external drive and boot up with a linux cd to back up your items.
Just in case.

Here is a tutorial on how to do that :
http://www.howtogeek.com/howto/windows-vis...ndows-computer/

After doing that, do the following:
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    
    O4 - HKLM..\Run: [*ctfmon32] "C:\Users\Larry\AppData\Roaming\svchost.exe" (  )
    O4 - HKLM..\Run: [autochk] C:\Windows\system32\autochk.dll ( )
    O4 - HKCU..\Run: [autochk]  C:\Windows\system32\config\SYSTEM~1\protect.dll ( )
    O2 - BHO: (C:\Windows\system32\jksahfo93wjfkd.dll) - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\jksahfo93wjfkd.dll ()
    O22 - SharedTaskScheduler: {B2BA40A2-74F0-42BD-F434-12345A2C8953} - jso8joigm409gopgmrlgd - C:\Windows\system32\jksahfo93wjfkd.dll ()
    O27 - HKLM IFEO\_AVP32.exe 
    O27 - HKLM IFEO\_AVPCC.exe 
    O27 - HKLM IFEO\_AVPM.exe 
    O27 - HKLM IFEO\aavgapi.exe 
    O27 - HKLM IFEO\AAWDriverTool.exe 
    O27 - HKLM IFEO\AAWService.exe 
    O27 - HKLM IFEO\AAWTray.exe 
    O27 - HKLM IFEO\AAWWSC.exe 
    O27 - HKLM IFEO\AckWin32.exe 
    O27 - HKLM IFEO\ACTHOSP.exe 
    O27 - HKLM IFEO\Ad-Aware.exe 
    O27 - HKLM IFEO\Ad-AwareAdmin.exe 
    O27 - HKLM IFEO\Ad-AwareCommand.exe 
    O27 - HKLM IFEO\ADVXDWIN.exe 
    O27 - HKLM IFEO\agentw.exe 
    O27 - HKLM IFEO\ALERTSVC.exe 
    O27 - HKLM IFEO\alogserv.exe 
    O27 - HKLM IFEO\AMON9X.exe 
    O27 - HKLM IFEO\ANTI-TROJAN.exe 
    O27 - HKLM IFEO\ANTS.exe 
    O27 - HKLM IFEO\APVXDWIN.exe 
    O27 - HKLM IFEO\ashAvast.exe 
    O27 - HKLM IFEO\ashBug.exe 
    O27 - HKLM IFEO\ashChest.exe 
    O27 - HKLM IFEO\ashCnsnt.exe 
    O27 - HKLM IFEO\ashDisp.exe 
    O27 - HKLM IFEO\ashLogV.exe 
    O27 - HKLM IFEO\ashMaiSv.exe 
    O27 - HKLM IFEO\ashPopWz.exe 
    O27 - HKLM IFEO\ashQuick.exe 
    O27 - HKLM IFEO\ashServ.exe 
    O27 - HKLM IFEO\ashSimp2.exe 
    O27 - HKLM IFEO\ashSimpl.exe 
    O27 - HKLM IFEO\ashSkPcc.exe 
    O27 - HKLM IFEO\ashSkPck.exe 
    O27 - HKLM IFEO\ashUpd.exe 
    O27 - HKLM IFEO\ashwebsv.exe 
    O27 - HKLM IFEO\aswChLic.exe 
    O27 - HKLM IFEO\aswlsvc.exe 
    O27 - HKLM IFEO\aswMem64.exe 
    O27 - HKLM IFEO\aswRegSvr.exe 
    O27 - HKLM IFEO\aswRunDll.exe 
    O27 - HKLM IFEO\aswupdsv.exe 
    O27 - HKLM IFEO\ATCON.exe 
    O27 - HKLM IFEO\ATUPDATER.exe 
    O27 - HKLM IFEO\ATWATCH.exe 
    O27 - HKLM IFEO\AUTODOWN.exe 
    O27 - HKLM IFEO\AutoStart Manager.exe 
    O27 - HKLM IFEO\AutoTrace.exe 
    O27 - HKLM IFEO\avadmin.exe 
    O27 - HKLM IFEO\avcenter.exe 
    O27 - HKLM IFEO\avciman.exe 
    O27 - HKLM IFEO\avconfig.exe 
    O27 - HKLM IFEO\AVCONSOL.exe 
    O27 - HKLM IFEO\AVENGINE.exe 
    O27 - HKLM IFEO\AVGCC32.exe 
    O27 - HKLM IFEO\avgcfgex.exe 
    O27 - HKLM IFEO\avgcmgr.exe 
    O27 - HKLM IFEO\AVGCTRL.exe 
    O27 - HKLM IFEO\avgemc.exe 
    O27 - HKLM IFEO\avgfrw.exe 
    O27 - HKLM IFEO\avgiproxy.exe 
    O27 - HKLM IFEO\avgnsx.exe 
    O27 - HKLM IFEO\avgnt.exe 
    O27 - HKLM IFEO\avgrsx.exe 
    O27 - HKLM IFEO\avgscanx.exe 
    O27 - HKLM IFEO\AVGSERV.exe 
    O27 - HKLM IFEO\AVGSERV9.exe 
    O27 - HKLM IFEO\avgsrmax.exe 
    O27 - HKLM IFEO\avgtray.exe 
    O27 - HKLM IFEO\avguard.exe 
    O27 - HKLM IFEO\avgui.exe 
    O27 - HKLM IFEO\avgupd.exe 
    O27 - HKLM IFEO\AVGW.exe 
    O27 - HKLM IFEO\avgwdsvc.exe 
    O27 - HKLM IFEO\avkpop.exe 
    O27 - HKLM IFEO\AvkServ.exe 
    O27 - HKLM IFEO\avkservice.exe 
    O27 - HKLM IFEO\avkwctl9.exe 
    O27 - HKLM IFEO\avnotify.exe 
    O27 - HKLM IFEO\AVP.exe 
    O27 - HKLM IFEO\AVP32.exe 
    O27 - HKLM IFEO\avpm.exe 
    O27 - HKLM IFEO\avscan.exe 
    O27 - HKLM IFEO\Avsched32.exe 
    O27 - HKLM IFEO\AVSYNMGR.exe 
    O27 - HKLM IFEO\avupgsvc.exe 
    O27 - HKLM IFEO\AVWINNT.exe 
    O27 - HKLM IFEO\avwsc.exe 
    O27 - HKLM IFEO\AVXMONITOR9X.exe 
    O27 - HKLM IFEO\AVXMONITORNT.exe 
    O27 - HKLM IFEO\AVXQUAR.exe 
    O27 - HKLM IFEO\AVXW.exe 
    O27 - HKLM IFEO\blackd.exe 
    O27 - HKLM IFEO\BlackICE.exe 
    O27 - HKLM IFEO\blindman.exe 
    O27 - HKLM IFEO\BootSafe.exe 
    O27 - HKLM IFEO\ccApp.exe 
    O27 - HKLM IFEO\ccEvtMgr.exe 
    O27 - HKLM IFEO\ccPxySvc.exe 
    O27 - HKLM IFEO\ccSvcHst.exe 
    O27 - HKLM IFEO\CDP.exe 
    O27 - HKLM IFEO\cfgWiz.exe 
    O27 - HKLM IFEO\Claw95.exe 
    O27 - HKLM IFEO\Claw95cf.exe
    O27 - HKLM IFEO\cleaner.exe 
    O27 - HKLM IFEO\cleaner3.exe 
    O27 - HKLM IFEO\CMGRDIAN.exe 
    O27 - HKLM IFEO\combofix.exe 
    O27 - HKLM IFEO\combo-fix.exe 
    O27 - HKLM IFEO\CONNECTIONMONITOR.exe 
    O27 - HKLM IFEO\cpd.exe 
    O27 - HKLM IFEO\CPDCLNT.exe 
    O27 - HKLM IFEO\CTRL.exe 
    O27 - HKLM IFEO\CtxCleanup.exe 
    O27 - HKLM IFEO\dds.scr.exe 
    O27 - HKLM IFEO\defalert.exe 
    O27 - HKLM IFEO\defscangui.exe 
    O27 - HKLM IFEO\DEFWATCH.exe 
    O27 - HKLM IFEO\devcon.exe 
    O27 - HKLM IFEO\DOORS.exe 
    O27 - HKLM IFEO\drvins32.exe 
    O27 - HKLM IFEO\DVP95.exe 
    O27 - HKLM IFEO\DVP95_0.exe 
    O27 - HKLM IFEO\ecls.exe 
    O27 - HKLM IFEO\ecmd.exe 
    O27 - HKLM IFEO\eeclnt.exe 
    O27 - HKLM IFEO\EFPEADM.exe
    O27 - HKLM IFEO\egui.exe 
    O27 - HKLM IFEO\EHttpSrv.exe 
    O27 - HKLM IFEO\ekrn.exe 
    O27 - HKLM IFEO\ETRUSTCIPE.exe 
    O27 - HKLM IFEO\EVPN.exe 
    O27 - HKLM IFEO\EXPERT.exe 
    O27 - HKLM IFEO\fact.exe 
    O27 - HKLM IFEO\F-AGNT95.exe 
    O27 - HKLM IFEO\fameh32.exe 
    O27 - HKLM IFEO\fch32.exe 
    O27 - HKLM IFEO\fih32fih32.exe 
    O27 - HKLM IFEO\fixcfg.exe 
    O27 - HKLM IFEO\fnrb32.exe 
    O27 - HKLM IFEO\F-PROT.exe 
    O27 - HKLM IFEO\F-PROT95.exe 
    O27 - HKLM IFEO\FP-WIN.exe
    O27 - HKLM IFEO\FRW.exe 
    O27 - HKLM IFEO\fsaa.exe 
    O27 - HKLM IFEO\fsav32.exe 
    O27 - HKLM IFEO\fsgk32.exe 
    O27 - HKLM IFEO\fsm32.exe 
    O27 - HKLM IFEO\fsma32.exe 
    O27 - HKLM IFEO\fsmb32.exe 
    O27 - HKLM IFEO\f-stopw.exe 
    O27 - HKLM IFEO\gbmenu.exe 
    O27 - HKLM IFEO\GBPOLL.exe 
    O27 - HKLM IFEO\GENERICS.exe 
    O27 - HKLM IFEO\GUARD.exe 
    O27 - HKLM IFEO\GUARDDOG.exe 
    O27 - HKLM IFEO\guardgui.exe 
    O27 - HKLM IFEO\GWFeed.exe 
    O27 - HKLM IFEO\HostFileEditor.exe 
    O27 - HKLM IFEO\iamapp.exe 
    O27 - HKLM IFEO\iamserv.exe 
    O27 - HKLM IFEO\IAMSTATS.exe 
    O27 - HKLM IFEO\ICLOAD95.exe 
    O27 - HKLM IFEO\ICLOADNT.exe 
    O27 - HKLM IFEO\ICMON.exe 
    O27 - HKLM IFEO\ICSUPP95.exe 
    O27 - HKLM IFEO\ICSUPPNT.exe 
    O27 - HKLM IFEO\IFACE.exe 
    O27 - HKLM IFEO\Inicio.exe 
    O27 - HKLM IFEO\IOMON98.exe 
    O27 - HKLM IFEO\ISRV95.exe 
    O27 - HKLM IFEO\JEDI.exe 
    O27 - HKLM IFEO\LDNETMON.exe 
    O27 - HKLM IFEO\LDPROMENU.exe 
    O27 - HKLM IFEO\LDSCAN.exe 
    O27 - HKLM IFEO\licmgr.exe 
    O27 - HKLM IFEO\LOCKDOWN.exe 
    O27 - HKLM IFEO\lockdown2000.exe 
    O27 - HKLM IFEO\LUALL.exe 
    O27 - HKLM IFEO\LUCOMSERVER.exe 
    O27 - HKLM IFEO\LUSPT.exe 
    O27 - HKLM IFEO\MainStub.exe 
    O27 - HKLM IFEO\mbam.exe 
    O27 - HKLM IFEO\mbam-dor.exe 
    O27 - HKLM IFEO\mbamgui.exe 
    O27 - HKLM IFEO\mbamservice.exe 
    O27 - HKLM IFEO\mbam-setup.exe 
    O27 - HKLM IFEO\mbklaunch.exe 
    O27 - HKLM IFEO\MCAGENT.exe 
    O27 - HKLM IFEO\McENUI.exe 
    O27 - HKLM IFEO\mcinst.exe 
    O27 - HKLM IFEO\mcinsupd.exe
    O27 - HKLM IFEO\MCMNHDLR.exe
    O27 - HKLM IFEO\mcmscsvc.exe
    O27 - HKLM IFEO\mcnasvc.exe
    O27 - HKLM IFEO\mcods.exe
    O27 - HKLM IFEO\mcproxy.exe
    O27 - HKLM IFEO\mcsacore.exe
    O27 - HKLM IFEO\mcshell.exe
    O27 - HKLM IFEO\Mcshield.exe
    O27 - HKLM IFEO\mcsysmon.exe
    O27 - HKLM IFEO\MCTOOL.exe
    O27 - HKLM IFEO\MCUPDATE.exe
    O27 - HKLM IFEO\MCVSRTE.exe
    O27 - HKLM IFEO\MCVSSHLD.exe 
    O27 - HKLM IFEO\MGAVRTCL.exe 
    O27 - HKLM IFEO\MGAVRTE.exe 
    O27 - HKLM IFEO\MGHTML.exe 
    O27 - HKLM IFEO\MINILOG.exe 
    O27 - HKLM IFEO\Monitor.exe 
    O27 - HKLM IFEO\MOOLIVE.exe 
    O27 - HKLM IFEO\MPFAGENT.exe 
    O27 - HKLM IFEO\mpfalert.exe 
    O27 - HKLM IFEO\MPFSERVICE.exe 
    O27 - HKLM IFEO\MPFSrv.exe 
    O27 - HKLM IFEO\MPFTRAY.exe 
    O27 - HKLM IFEO\MskSrver.exe 
    O27 - HKLM IFEO\MWATCH.exe 
    O27 - HKLM IFEO\NAVAPSVC.exe 
    O27 - HKLM IFEO\NAVAPW32.exe 
    O27 - HKLM IFEO\NAVLU32.exe 
    O27 - HKLM IFEO\Navw32.exe 
    O27 - HKLM IFEO\NDD32.exe 
    O27 - HKLM IFEO\NeoWatchLog.exe 
    O27 - HKLM IFEO\netcfg.exe 
    O27 - HKLM IFEO\NETUTILS.exe 
    O27 - HKLM IFEO\NISSERV.exe 
    O27 - HKLM IFEO\NISUM.exe 
    O27 - HKLM IFEO\NMAIN.exe 
    O27 - HKLM IFEO\NORMIST.exe 
    O27 - HKLM IFEO\notstart.exe  
    O27 - HKLM IFEO\NPROTECT.exe 
    O27 - HKLM IFEO\npscheck.exe 
    O27 - HKLM IFEO\NPSSVC.exe 
    O27 - HKLM IFEO\NSCHED32.exe 
    O27 - HKLM IFEO\ntrtscan.exe
    O27 - HKLM IFEO\NTVDM.exe 
    O27 - HKLM IFEO\NTXconfig.exe 
    O27 - HKLM IFEO\Nui.exe 
    O27 - HKLM IFEO\Nupgrade.exe 
    O27 - HKLM IFEO\NVC95.exe 
    O27 - HKLM IFEO\NWNT.exe 
    O27 - HKLM IFEO\NWService.exe 
    O27 - HKLM IFEO\NWTOOL16.exe 
    O27 - HKLM IFEO\PADMIN.exe 
    O27 - HKLM IFEO\panicsh.exe 
    O27 - HKLM IFEO\PavBckPT.exe 
    O27 - HKLM IFEO\PavFnSvr.exe 
    O27 - HKLM IFEO\pavjobs.exe 
    O27 - HKLM IFEO\PAVPROXY.exe 
    O27 - HKLM IFEO\PavPrSrv.exe 
    O27 - HKLM IFEO\PAVSCRIP.exe 
    O27 - HKLM IFEO\PAVSRV51.exe 
    O27 - HKLM IFEO\Pavw.exe 
    O27 - HKLM IFEO\PCCIOMON.exe 
    O27 - HKLM IFEO\pccntmon.exe 
    O27 - HKLM IFEO\pccwin97.exe 
    O27 - HKLM IFEO\PCCWIN98.exe 
    O27 - HKLM IFEO\pcscan.exe 
    O27 - HKLM IFEO\PERSFW.exe 
    O27 - HKLM IFEO\pfinder.exe 
    O27 - HKLM IFEO\PlaTasks.exe 
    O27 - HKLM IFEO\PPFW.exe 
    O27 - HKLM IFEO\ProcessWatch.exe 
    O27 - HKLM IFEO\PSClean.exe 
    O27 - HKLM IFEO\PsCtrlS.exe 
    O27 - HKLM IFEO\PSHost.exe 
    O27 - HKLM IFEO\psimreal.exe 
    O27 - HKLM IFEO\PsImSvc.exe 
    O27 - HKLM IFEO\pskdr.exe 
    O27 - HKLM IFEO\psksvc.exe 
    O27 - HKLM IFEO\PSROL.exe 
    O27 - HKLM IFEO\rescue32.exe 
    O27 - HKLM IFEO\RUNSAS.exe 
    O27 - HKLM IFEO\SASINSST.exe 
    O27 - HKLM IFEO\ScanStub.exe 
    O27 - HKLM IFEO\sched.exe 
    O27 - HKLM IFEO\SDFiles.exe
    O27 - HKLM IFEO\SDISK32.exe
    O27 - HKLM IFEO\SDMain.exe
    O27 - HKLM IFEO\SDShred.exe
    O27 - HKLM IFEO\SfCtlCom.exe
    O27 - HKLM IFEO\SfFnWSC.exe
    O27 - HKLM IFEO\SOSLiveProtect.exe
    O27 - HKLM IFEO\SosLocalBackup.exe
    O27 - HKLM IFEO\sosonlinebackupservice.exe
    O27 - HKLM IFEO\sosuploadagent.exe
    O27 - HKLM IFEO\SpybotSD.exe
    O27 - HKLM IFEO\SpySweeper.exe
    O27 - HKLM IFEO\SpySweeperUI.exe
    O27 - HKLM IFEO\SrvLoad.exe
    O27 - HKLM IFEO\SStorage.exe
    O27 - HKLM IFEO\SSU.exe
    O27 - HKLM IFEO\SSUpdate.exe
    O27 - HKLM IFEO\SUPERantispyware.exe
    O27 - HKLM IFEO\SuppStub.exe
    O27 - HKLM IFEO\symlcsvc.exe
    O27 - HKLM IFEO\SysInspector.exe
    O27 - HKLM IFEO\SysRescue.exe
    O27 - HKLM IFEO\TeaTimer.exe
    O27 - HKLM IFEO\ThreatWork.exe 
    O27 - HKLM IFEO\TisScan.exe
    O27 - HKLM IFEO\tisspwiz.exe
    O27 - HKLM IFEO\TISTOOL.exe
    O27 - HKLM IFEO\tmarsvc.exe
    O27 - HKLM IFEO\TMAS_AU.exe
    O27 - HKLM IFEO\TMAS_OE.exe
    O27 - HKLM IFEO\TMAS_OEImp.exe
    O27 - HKLM IFEO\TMAS_OEMon.exe
    O27 - HKLM IFEO\TMBMSRV.exe
    O27 - HKLM IFEO\TmPfw.exe
    O27 - HKLM IFEO\TmProxy.exe
    O27 - HKLM IFEO\TPSrv.exe
    O27 - HKLM IFEO\TSCFAUBroker.exe
    O27 - HKLM IFEO\TSCFCmdrLauncher.exe
    O27 - HKLM IFEO\TSCFCommander.exe
    O27 - HKLM IFEO\TSCFPlatformCOMSvr.exe
    O27 - HKLM IFEO\UfIfAvIm.exe
    O27 - HKLM IFEO\UfNavi.exe
    O27 - HKLM IFEO\UfSeAgnt.exe
    O27 - HKLM IFEO\UfUpdUi.exe
    O27 - HKLM IFEO\Upgrader.exe
    O27 - HKLM IFEO\VisthAux.exe
    O27 - HKLM IFEO\VisthLic.exe
    O27 - HKLM IFEO\VisthUpd.exe
    O27 - HKLM IFEO\VSMAIN.exe
    O27 - HKLM IFEO\vsmon.exe
    O27 - HKLM IFEO\VSSTAT.exe
    O27 - HKLM IFEO\WashEngine.exe
    O27 - HKLM IFEO\WATCHDOG.exe
    O27 - HKLM IFEO\WebProxy.exe
    O27 - HKLM IFEO\WEBSCANX.exe
    O27 - HKLM IFEO\WEBTRAP.exe
    O27 - HKLM IFEO\WGFE95.exe
    O27 - HKLM IFEO\WIMMUN32.exe
    O27 - HKLM IFEO\WIZHOSP.exe
    O27 - HKLM IFEO\WrAdmin.exe
    O27 - HKLM IFEO\WRConsumerService.exe
    O27 - HKLM IFEO\WrCtrl.exe
    O27 - HKLM IFEO\WRUtil.exe
    O27 - HKLM IFEO\wsctool.exe
    O27 - HKLM IFEO\wuauclt.exe
    O27 - HKLM IFEO\zapro.exe 
    O27 - HKLM IFEO\zonealarm.exe
    O33 - MountPoints2\{694abbaf-136f-11de-a694-00197eda44d6}\Shell\AutoRun\command - "" = G:\DM_78519618311321154254.EXE -- File not found
    O33 - MountPoints2\{c2ad51e8-15b4-11de-8f40-00197eda44d6}\Shell\AutoRun\command - "" = G:\DLLHOST.EXE -- [2006/11/02 05:45:38 | 00,065,024 | -H-- | M] (Microsoft Corporation)
    [2009/04/25 04:16:25 | 00,004,096 | ---- | C] () -- C:\Windows\System32\ftp_non_crp.exe
    [2009/04/25 01:51:44 | 00,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\_9f6efdbb85a9a105178887577deab40f
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
============
After that you should be able to run any antivirus product.

Then proceed with Combofix.
Post that log here please.

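An added example, not part of the thread and not OTL's own code: a small Python triage of the kinds of lines in the fix script above, run over a constructed sample that copies a few of those lines. The line shapes are read off the post itself; the function names, the `SYSTEM_NAMES` and `WATCHED` lists and the three Run-value heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: a few lines copied from the fix script quoted in the post.
SAMPLE = r'''
O4 - HKLM..\Run: [*ctfmon32] "C:\Users\Larry\AppData\Roaming\svchost.exe" (  )
O4 - HKLM..\Run: [autochk] C:\Windows\system32\autochk.dll ( )
O27 - HKLM IFEO\combofix.exe
O27 - HKLM IFEO\mbam.exe
O27 - HKLM IFEO\wuauclt.exe
O33 - MountPoints2\{694abbaf-136f-11de-a694-00197eda44d6}\Shell\AutoRun\command - "" = G:\DM_78519618311321154254.EXE -- File not found
'''

# Line shapes are inferred from the lines in the post, not from any OTL spec.
RUN = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[(.*?)\]\s+"?([A-Za-z]:\\.*?)"?\s*\([^()]*\)\s*$')
IFEO = re.compile(r'^O27 - HKLM IFEO\\(.+?)\s*$')
MOUNT = re.compile(r'^O33 - MountPoints2\\\{[0-9a-fA-F-]+\}\\Shell\\AutoRun\\command - "" = (\S+)')

SYSTEM_NAMES = {"svchost.exe", "dllhost.exe"}   # assumed short list for the heuristic
WATCHED = {"combofix.exe", "mbam.exe"}          # hypothetical watch list of tools to run

def triage(text):
    """Group log lines into flagged Run values, IFEO image names and AutoRun commands."""
    findings = defaultdict(list)
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RUN.match(line):
            _hive, name, path = m.groups()
            low, reasons = path.lower(), []
            if "\\appdata\\" in low:
                reasons.append("runs from a user profile")
            if basename(low) in SYSTEM_NAMES and not dirname(low).endswith("\\windows\\system32"):
                reasons.append("system process name outside System32")
            if low.endswith(".dll"):
                reasons.append("Run value is a bare DLL")
            if reasons:
                findings["run"].append((name, path, reasons))
        elif m := IFEO.match(line):
            findings["ifeo"].append(m.group(1).lower())
        elif m := MOUNT.match(line):
            findings["autorun"].append((m.group(1), line.endswith("File not found")))
    return findings

def watched_tools_hit(findings):
    """Tools on the watch list that have an IFEO key of their own."""
    return sorted(WATCHED & set(findings["ifeo"]))

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, path, reasons in result["run"]:
        print(f"Run [{name}] {path}: {'; '.join(reasons)}")
    print("IFEO keys:", len(result["ifeo"]), "watched tools hit:", watched_tools_hit(result))
    for target, missing in result["autorun"]:
        print("AutoRun:", target, "(file missing)" if missing else "")
```

An IFEO key by itself is not proof of tampering; what matters is the Debugger value under it, which these log lines do not show.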
#7 larrygm

Posted 25 April 2009 - 11:31 AM

Thanks for all your help. Looks like I need to do a fresh install.

#8 kahdah

Posted 25 April 2009 - 12:09 PM

You are welcome :thumbup2:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.