Task manager disabled, cannot install antivirus


  • This topic is locked
2 replies to this topic

#1 e.monk

Posted 08 May 2009 - 09:40 AM

Hi, I recently scanned my computer (using Windows XP) using Malwarebytes Anti-Malware. I found a couple of infections which I had fixed by deleting them, mostly backdoor.bots and Trojans. However, my antivirus software had stopped working, and I can't seem to be able to install a new one I just downloaded... My task manager seems to be disabled, saying "task manager has been disabled by administrator"... I tried running online virus scans but the browser keeps closing mid-scan! I think there's something wrong with the regedit registry... Please help... Thanks

I'm pasting the DDS scan results below...


DDS (Ver_09-03-16.01) - NTFSx86
Internet Explorer: 6.0.2900.2180


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Mr. Aditya\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [farstone]
mRun: [RestoreIT!] "c:\program files\farstone\restoreit\restoreit_xp\VBPTASK.EXE" VBStart
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\mrf09e~1.adi\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegedit = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mrf09e~1.adi\applic~1\mozilla\firefox\profiles\o73fqxe3.default\
FF - prefs.js: network.proxy.type - 4

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2006-5-9 38784]
R0 RITFSD;RITFSD;c:\windows\system32\drivers\RITFSD.sys [2006-5-9 33249]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2006-5-9 183987]
R2 Rcfilter;Rcfilter;c:\windows\system32\drivers\Rcfilter.sys [2006-5-9 31872]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\iqmmlh.sys --> c:\windows\system32\drivers\iqmmlh.sys [?]
R3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [2006-5-9 14074]
R3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [2006-5-9 116224]

=============== Created Last 30 ================

2009-05-08 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-05-08 19:54 <DIR> --d----- c:\program files\Security Task Manager
2009-05-08 19:18 <DIR> --d----- c:\program files\Trend Micro
2009-05-08 18:24 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-05-08 17:22 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-05-08 17:08 80 a------- c:\windows\system32\asr_ixuwu
2009-05-08 17:07 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-08 13:24 81,920 a------- c:\windows\system32\27.scr
2009-05-08 13:23 81,920 a------- c:\windows\system32\77.scr
2009-05-08 13:22 81,920 a------- c:\windows\system32\37.scr
2009-05-08 13:19 81,920 a------- c:\windows\system32\56.scr
2009-05-08 13:18 81,920 a------- c:\windows\system32\60.scr
2009-05-08 13:17 81,920 a------- c:\windows\system32\81.scr
2009-05-08 13:16 81,920 a------- c:\windows\system32\58.scr
2009-05-08 13:14 81,920 a------- c:\windows\system32\28.scr
2009-05-08 13:12 81,920 a------- c:\windows\system32\61.scr
2009-05-08 13:11 81,920 a------- c:\windows\system32\70.scr
2009-05-08 13:11 81,920 a------- c:\windows\system32\51.scr
2009-05-08 13:11 81,920 a------- c:\windows\system32\05.scr
2009-05-08 13:10 75,260 a------- c:\windows\system32\66.scr
2009-05-08 13:07 81,920 a------- c:\windows\system32\71.scr
2009-05-08 12:54 80 a------- c:\windows\system32\asr_sapbt
2009-05-08 12:19 0 a------- c:\windows\system32\poman.exe
2009-05-08 12:19 80 a------- c:\windows\system32\asr_hcwtf
2009-05-05 08:04 <DIR> --d----- C:\SAVE
2009-05-05 08:00 57 a------- c:\windows\sierra.ini
2009-05-05 07:56 <DIR> --d----- C:\Sierra
2009-05-05 04:06 79 a------- c:\windows\system32\asr_jqyrx
2009-05-05 04:01 79 a------- c:\windows\system32\asr_hayee
2009-05-05 03:03 79 a------- c:\windows\system32\asr_ftmpe
2009-05-05 02:47 79 a------- c:\windows\system32\asr_dtkkb
2009-05-05 02:15 79 a------- c:\windows\system32\asr_waftc
2009-05-05 02:00 79 a------- c:\windows\system32\asr_obsmx
2009-05-05 01:47 79 a------- c:\windows\system32\asr_kfimh
2009-05-05 01:03 79 a------- c:\windows\system32\asr_zlkbj
2009-05-05 00:54 79 a------- c:\windows\system32\asr_wbore
2009-05-05 00:41 79 a------- c:\windows\system32\asr_exwfk
2009-05-04 22:14 79 a------- c:\windows\system32\asr_iduwr
2009-05-04 22:12 79 a------- c:\windows\system32\asr_ehlrz
2009-05-04 22:11 79 a------- c:\windows\system32\asr_mraht
2009-05-04 22:09 79 a------- c:\windows\system32\asr_nyhpr
2009-05-04 21:57 79 a------- c:\windows\system32\asr_awesd
2009-05-04 21:43 79 a------- c:\windows\system32\asr_wtgmx
2009-05-04 16:32 79 a------- c:\windows\system32\asr_rwsxe
2009-05-04 15:42 79 a------- c:\windows\system32\asr_lwrww
2009-05-04 15:26 79 a------- c:\windows\system32\asr_iisfa
2009-05-04 11:05 0 a------- c:\windows\system32\fman.exe
2009-05-04 11:05 79 a------- c:\windows\system32\asr_joidm
2009-05-03 15:53 78 a------- c:\windows\system32\asr_hfxtt
2009-05-03 09:45 <DIR> --d----- c:\docume~1\mrf09e~1.adi\applic~1\Microsoft Games
2009-05-03 09:22 78 a------- c:\windows\system32\asr_nfbab
2009-05-03 09:20 <DIR> --d----- c:\program files\PowerISO
2009-05-02 22:41 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-02 22:41 <DIR> --d----- c:\docume~1\mrf09e~1.adi\applic~1\DAEMON Tools Lite
2009-05-02 21:03 78 a------- c:\windows\system32\asr_tqrol
2009-05-02 21:00 78 a------- c:\windows\system32\asr_psilt
2009-05-02 16:52 221,216 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-02 16:52 1,836 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-02 16:52 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-02 16:52 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-02 16:27 <DIR> --d----- c:\docume~1\mrf09e~1.adi\applic~1\Malwarebytes
2009-05-02 16:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-02 16:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 16:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-02 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-02 12:07 78 a------- c:\windows\system32\asr_pcacp
2009-05-02 11:51 78 a------- c:\windows\system32\asr_xuqyg
2009-05-01 23:44 78 a------- c:\windows\system32\asr_htblr
2009-05-01 23:24 78 a------- c:\windows\system32\asr_klcvw
2009-05-01 23:03 78 a------- c:\windows\system32\asr_xpfdo
2009-05-01 22:51 78 a------- c:\windows\system32\asr_rrmnt
2009-05-01 22:31 78 a------- c:\windows\system32\asr_nlroz
2009-05-01 22:31 78 a------- c:\windows\system32\asr_fcoti
2009-05-01 22:29 78 a------- c:\windows\system32\asr_iwrbe
2009-05-01 21:41 78 a------- c:\windows\system32\asr_ibvbm
2009-05-01 06:13 78 a------- c:\windows\system32\asr_hoaxh
2009-05-01 00:12 78 a------- c:\windows\system32\asr_grjtl
2009-04-30 23:48 78 a------- c:\windows\system32\asr_ybvbz
2009-04-30 23:46 78 a------- c:\windows\system32\asr_cdkys
2009-04-30 23:37 78 a------- c:\windows\system32\asr_dvmay
2009-04-30 23:37 78 a------- c:\windows\system32\asr_oenfm
2009-04-30 23:35 80 a------- c:\windows\system32\asr_ufvho
2009-04-30 23:35 78 a------- c:\windows\system32\asr_jowuo
2009-04-30 23:28 78 a------- c:\windows\system32\asr_egpsf
2009-04-30 23:07 78 a------- c:\windows\system32\asr_eqdqv
2009-04-30 22:59 78 a------- c:\windows\system32\asr_xsuqf
2009-04-30 16:00 80 a------- c:\windows\system32\asr_zwvvn
2009-04-30 15:52 81 a------- c:\windows\system32\asr_iebuv
2009-04-30 14:53 81 a------- c:\windows\system32\asr_lycce
2009-04-30 14:49 78 a------- c:\windows\system32\asr_creou
2009-04-30 14:26 81 a------- c:\windows\system32\asr_eqaax
2009-04-30 14:24 80 a------- c:\windows\system32\asr_ldjpf
2009-04-30 13:58 81 a------- c:\windows\system32\asr_ehtwi
2009-04-30 13:40 78 a------- c:\windows\system32\asr_oqrfa
2009-04-30 13:35 78 a------- c:\windows\system32\asr_keytz
2009-04-30 08:06 81 a------- c:\windows\system32\asr_tqixg
2009-04-30 08:00 81 a------- c:\windows\system32\asr_izqdk
2009-04-29 23:36 78 a------- c:\windows\system32\asr_hepnx
2009-04-29 23:26 78 a------- c:\windows\system32\asr_tmepf
2009-04-29 23:11 78 a------- c:\windows\system32\asr_sxygr
2009-04-29 23:05 78 a------- c:\windows\system32\asr_hncqd
2009-04-29 22:57 78 a------- c:\windows\system32\asr_ehzsr
2009-04-29 22:41 78 a------- c:\windows\system32\asr_iymfc
2009-04-29 22:36 78 a------- c:\windows\system32\asr_jwbnu
2009-04-29 22:11 78 a------- c:\windows\system32\asr_grepf
2009-04-29 22:09 78 a------- c:\windows\system32\asr_layvd
2009-04-29 22:07 78 a------- c:\windows\system32\asr_sxdss
2009-04-29 21:10 78 a------- c:\windows\system32\asr_etvej
2009-04-29 20:03 81 a------- c:\windows\system32\asr_gvbxr
2009-04-29 20:01 79 a------- c:\windows\system32\asr_izrgt
2009-04-29 19:55 78 a------- c:\windows\system32\asr_xlynw
2009-04-29 19:47 79 a------- c:\windows\system32\asr_kgpqj
2009-04-29 19:43 79 a------- c:\windows\system32\asr_xyzxi
2009-04-29 19:32 79 a------- c:\windows\system32\asr_hloch
2009-04-29 18:30 78 a------- c:\windows\system32\asr_impia
2009-04-29 18:28 80 a------- c:\windows\system32\asr_fiywn
2009-04-29 18:26 81 a------- c:\windows\system32\asr_holxg
2009-04-29 16:35 81 a------- c:\windows\system32\asr_vpnbw
2009-04-29 16:21 78 a------- c:\windows\system32\asr_smeyn
2009-04-29 16:06 78 a------- c:\windows\system32\asr_meffe
2009-04-29 16:05 78 a------- c:\windows\system32\asr_mgqjl
2009-04-29 15:54 78 a------- c:\windows\system32\asr_eaevn
2009-04-29 15:20 78 a------- c:\windows\system32\asr_oyljr
2009-04-29 13:37 81 a------- c:\windows\system32\asr_vizpu
2009-04-29 13:29 78 a------- c:\windows\system32\asr_nimzu
2009-04-29 13:14 78 a------- c:\windows\system32\asr_rgtct
2009-04-28 20:28 78 a------- c:\windows\system32\asr_qwzjl
2009-04-28 20:24 78 a------- c:\windows\system32\asr_imfng
2009-04-28 20:18 78 a------- c:\windows\system32\asr_hxmks
2009-04-28 20:08 78 a------- c:\windows\system32\asr_rtlee
2009-04-28 20:03 78 a------- c:\windows\system32\asr_wuzzd
2009-04-28 19:59 78 a------- c:\windows\system32\asr_zpbwu
2009-04-28 19:57 78 a------- c:\windows\system32\asr_lepif
2009-04-28 19:57 78 a------- c:\windows\system32\asr_eooll
2009-04-28 19:50 78 a------- c:\windows\system32\asr_tgtrf
2009-04-28 19:48 78 a------- c:\windows\system32\asr_mqcwb
2009-04-28 19:39 81 a------- c:\windows\system32\asr_osrvm
2009-04-28 19:38 78 a------- c:\windows\system32\asr_kyxvj
2009-04-28 19:29 78 a------- c:\windows\system32\asr_dqrwa
2009-04-28 19:18 78 a------- c:\windows\system32\asr_bynej
2009-04-28 19:08 78 a------- c:\windows\system32\asr_xkbpq
2009-04-28 18:59 80 a------- c:\windows\system32\asr_lfxya
2009-04-28 17:48 78 a------- c:\windows\system32\asr_jgpto
2009-04-28 17:40 78 a------- c:\windows\system32\asr_ldikg
2009-04-28 17:25 78 a------- c:\windows\system32\asr_qfuha
2009-04-28 17:09 78 a------- c:\windows\system32\asr_lhwsc
2009-04-28 16:57 78 a------- c:\windows\system32\asr_gkred
2009-04-28 16:49 80 a------- c:\windows\system32\asr_paopi
2009-04-28 16:41 80 a------- c:\windows\system32\asr_fotvt
2009-04-28 16:18 78 a------- c:\windows\system32\asr_iivcp
2009-04-28 16:10 90,624 a------- c:\windows\system32\nq.exe.exe
2009-04-28 15:48 80 a------- c:\windows\system32\asr_jfste
2009-04-28 15:15 78 a------- c:\windows\system32\asr_tryhj
2009-04-28 14:58 78 a------- c:\windows\system32\asr_bskbo
2009-04-28 14:32 78 a------- c:\windows\system32\asr_flpdr
2009-04-28 14:20 78 a------- c:\windows\system32\asr_apwcb
2009-04-28 13:58 78 a------- c:\windows\system32\asr_wcnpu
2009-04-28 13:48 78 a------- c:\windows\system32\asr_ulgfd
2009-04-28 13:33 78 a------- c:\windows\system32\asr_otfol
2009-04-28 13:30 78 a------- c:\windows\system32\asr_bwlts
2009-04-28 13:22 77 a------- c:\windows\system32\asr_dkfiz
2009-04-28 13:19 78 a------- c:\windows\system32\asr_axuiz
2009-04-28 13:00 78 a------- c:\windows\system32\asr_ovzas
2009-04-28 12:47 78 a------- c:\windows\system32\asr_qythp
2009-04-28 12:37 80 a------- c:\windows\system32\asr_ybcfs
2009-04-28 12:29 80 a------- c:\windows\system32\asr_umuxj
2009-04-27 23:38 80 a------- c:\windows\system32\asr_otdll
2009-04-27 23:01 80 a------- c:\windows\system32\asr_ygnqr
2009-04-25 22:12 78 a------- c:\windows\system32\asr_nvphq
2009-04-25 21:18 78 a------- c:\windows\system32\asr_opoxi
2009-04-25 21:10 78 a------- c:\windows\system32\asr_pnrcn
2009-04-25 21:05 78 a------- c:\windows\system32\asr_dcngs
2009-04-25 20:51 23,552 a------- c:\windows\system32\17.scr
2009-04-25 19:58 78 a------- c:\windows\system32\asr_jiqth
2009-04-25 19:54 78 a------- c:\windows\system32\asr_riwdi
2009-04-25 19:46 78 a------- c:\windows\system32\asr_voleg
2009-04-24 22:48 23,552 a------- c:\windows\system32\55.scr
2009-04-24 22:38 78 a------- c:\windows\system32\asr_zwbzk
2009-04-23 17:37 78 a------- c:\windows\system32\asr_frmzg
2009-04-23 17:25 78 a------- c:\windows\system32\asr_qtlgz
2009-04-23 17:13 78 a------- c:\windows\system32\asr_ccrbd
2009-04-23 17:07 78 a------- c:\windows\system32\asr_ifawv
2009-04-23 16:51 78 a------- c:\windows\system32\asr_izwvg
2009-04-23 16:15 78 a------- c:\windows\system32\asr_lhrkz
2009-04-23 16:02 78 a------- c:\windows\system32\asr_hvkze
2009-04-23 15:29 78 a------- c:\windows\system32\asr_wtsoa
2009-04-23 15:28 78 a------- c:\windows\system32\asr_zpwpp
2009-04-23 14:49 78 a------- c:\windows\system32\asr_wvamt
2009-04-23 14:35 78 a------- c:\windows\system32\asr_pvhef
2009-04-23 14:16 80 a------- c:\windows\system32\asr_iiayy
2009-04-23 14:03 78 a------- c:\windows\system32\asr_hncwz
2009-04-23 14:01 80 a------- c:\windows\system32\asr_bwarj
2009-04-23 13:48 80 a------- c:\windows\system32\asr_jgeje
2009-04-23 13:32 78 a------- c:\windows\system32\asr_axqhb
2009-04-23 13:19 23,552 a------- c:\windows\system32\31.scr
2009-04-23 13:17 80 a------- c:\windows\system32\asr_onzux
2009-04-23 13:15 78 a------- c:\windows\system32\asr_edibl
2009-04-23 13:10 78 a------- c:\windows\system32\asr_vokli
2009-04-23 12:58 78 a------- c:\windows\system32\asr_qamzt
2009-04-23 12:46 78 a------- c:\windows\system32\asr_hveop
2009-04-23 12:42 78 a------- c:\windows\system32\asr_leoye
2009-04-23 12:41 81,920 a------- c:\windows\system32\87.scr
2009-04-23 11:56 78 a------- c:\windows\system32\asr_cvpuz
2009-04-23 11:31 78 a------- c:\windows\system32\asr_jwqpf
2009-04-23 09:58 78 a------- c:\windows\system32\asr_sbkoz
2009-04-22 23:04 78 a------- c:\windows\system32\asr_lamye
2009-04-22 23:01 78 a------- c:\windows\system32\asr_dpnzw
2009-04-22 22:44 0 a------- c:\windows\system32\poc.exe
2009-04-22 22:44 78 a------- c:\windows\system32\asr_jjhtl
2009-04-20 19:54 91,136 a------- c:\windows\system32\mt.exe.exe
2009-04-20 18:41 0 a------- c:\windows\system32\asr_88212.exe
2009-04-20 18:41 79 a------- c:\windows\system32\asr_nrklu
2009-04-20 18:25 79 a------- c:\windows\system32\asr_vsygp
2009-04-20 18:25 0 a------- c:\windows\system32\asr_43333.exe
2009-04-20 18:24 0 a------- c:\windows\system32\asr_33716.exe
2009-04-20 18:24 79 a------- c:\windows\system32\asr_cvcbc
2009-04-20 18:01 80 a------- c:\windows\system32\asr_oxvzz
2009-04-20 18:01 0 a------- c:\windows\system32\asr_71521.exe
2009-04-20 18:01 78 a------- c:\windows\system32\asr_nraaf
2009-04-20 17:43 81 a------- c:\windows\system32\asr_ntlfh
2009-04-20 17:43 0 a------- c:\windows\system32\asr_23028.exe
2009-04-20 17:39 80 a------- c:\windows\system32\asr_zsbhq
2009-04-20 17:25 0 a------- c:\windows\system32\asr_53004.exe
2009-04-20 17:25 80 a------- c:\windows\system32\asr_lrfhf
2009-04-20 17:19 80 a------- c:\windows\system32\asr_bleqm
2009-04-20 17:19 0 a------- c:\windows\system32\asr_14485.exe
2009-04-20 17:17 80 a------- c:\windows\system32\asr_khrus
2009-04-20 17:17 0 a------- c:\windows\system32\asr_64576.exe
2009-04-20 17:15 0 a------- c:\windows\system32\asr_11755.exe
2009-04-20 17:15 81 a------- c:\windows\system32\asr_jamux
2009-04-20 16:57 80 a------- c:\windows\system32\asr_qnsoh
2009-04-20 16:44 80 a------- c:\windows\system32\asr_fvyik
2009-04-20 15:53 80 a------- c:\windows\system32\asr_pwowz
2009-04-20 15:51 80 a------- c:\windows\system32\asr_ustdr
2009-04-20 15:51 0 a------- c:\windows\system32\asr_61313.exe
2009-04-20 15:44 80 a------- c:\windows\system32\asr_vhuaq
2009-04-20 15:35 0 a------- c:\windows\system32\asr_30601.exe
2009-04-20 15:35 79 a------- c:\windows\system32\asr_pxlgk
2009-04-20 15:18 81 a------- c:\windows\system32\asr_clncv
2009-04-20 15:02 80 a------- c:\windows\system32\asr_ibclu
2009-04-20 13:54 79 a------- c:\windows\system32\asr_gtiys
2009-04-20 13:52 79 a------- c:\windows\system32\asr_xtrwv
2009-04-20 13:52 0 a------- c:\windows\system32\asr_77841.exe
2009-04-20 13:17 79 a------- c:\windows\system32\asr_aaikv
2009-04-20 13:17 0 a------- c:\windows\system32\asr_64046.exe
2009-04-20 13:10 80 a------- c:\windows\system32\asr_kocmu
2009-04-20 13:10 0 a------- c:\windows\system32\asr_76014.exe
2009-04-19 23:34 80 a------- c:\windows\system32\asr_knghh
2009-04-19 23:34 0 a------- c:\windows\system32\asr_58883.exe
2009-04-19 23:32 80 a------- c:\windows\system32\asr_qzkwb
2009-04-19 23:32 0 a------- c:\windows\system32\asr_48625.exe
2009-04-19 23:06 80 a------- c:\windows\system32\asr_hauwc
2009-04-19 23:06 0 a------- c:\windows\system32\asr_18720.exe
2009-04-19 17:45 81 a------- c:\windows\system32\asr_hjxem
2009-04-19 17:39 0 a------- c:\windows\system32\asr_77627.exe
2009-04-19 17:39 81 a------- c:\windows\system32\asr_iqfya
2009-04-19 17:16 80 a------- c:\windows\system32\asr_hiksi
2009-04-19 16:51 80 a------- c:\windows\system32\asr_wvqvm
2009-04-19 16:26 80 a------- c:\windows\system32\asr_jwdep
2009-04-19 16:21 80 a------- c:\windows\system32\asr_uzfiw
2009-04-19 14:22 80 a------- c:\windows\system32\asr_mrbqu
2009-04-19 14:19 80 a------- c:\windows\system32\asr_wfxri
2009-04-19 14:10 80 a------- c:\windows\system32\asr_dmtjs
2009-04-19 14:04 80 a------- c:\windows\system32\asr_ulcdg
2009-04-19 13:56 80 a------- c:\windows\system32\asr_wvqut
2009-04-19 13:55 80 a------- c:\windows\system32\asr_mbmdr
2009-04-19 13:39 80 a------- c:\windows\system32\asr_xdpdt
2009-04-19 13:18 80 a------- c:\windows\system32\asr_axbzf
2009-04-19 13:07 80 a------- c:\windows\system32\asr_kfrrn
2009-04-19 12:39 80 a------- c:\windows\system32\asr_lbcnj
2009-04-19 12:36 80 a------- c:\windows\system32\asr_huzmc
2009-04-18 16:09 80 a------- c:\windows\system32\asr_yjiyz
2009-04-18 15:58 80 a------- c:\windows\system32\asr_kimeo
2009-04-18 15:34 80 a------- c:\windows\system32\asr_fexvr
2009-04-18 15:30 80 a------- c:\windows\system32\asr_tgzvq
2009-04-18 15:19 80 a------- c:\windows\system32\asr_somfi
2009-04-18 15:17 80 a------- c:\windows\system32\asr_rxgaq
2009-04-18 15:11 80 a------- c:\windows\system32\asr_ucjyg
2009-04-18 08:37 80 a------- c:\windows\system32\asr_kflhm
2009-04-18 08:24 80 a------- c:\windows\system32\asr_wkwcx
2009-04-18 08:19 80 a------- c:\windows\system32\asr_oacle
2009-04-17 15:57 81,920 a------- c:\windows\system32\85.scr
2009-04-17 15:57 80 a------- c:\windows\system32\asr_elipu
2009-04-17 15:52 80 a------- c:\windows\system32\asr_zkvrf
2009-04-17 15:44 80 a------- c:\windows\system32\asr_lilvi
2009-04-17 15:13 23,552 a------- c:\windows\system32\45.scr
2009-04-17 15:02 80 a------- c:\windows\system32\asr_sndis
2009-04-17 14:59 102,550 a------- c:\windows\system32\msvcrt2.dll
2009-04-16 23:48 80 a------- c:\windows\system32\asr_leggi
2009-04-16 23:46 80 a------- c:\windows\system32\asr_ucqky
2009-04-16 23:39 79 a------- c:\windows\system32\asr_bgbvv
2009-04-16 23:39 0 a------- c:\windows\system32\asr_26422.exe
2009-04-16 23:35 80 a------- c:\windows\system32\asr_bceas
2009-04-16 23:32 80 a------- c:\windows\system32\asr_xphwl
2009-04-16 22:33 80 a------- c:\windows\system32\asr_lrlav
2009-04-15 22:18 80 a------- c:\windows\system32\asr_bvpxm
2009-04-15 22:18 0 a------- c:\windows\system32\asr_41676.exe
2009-04-15 22:17 80 a------- c:\windows\system32\asr_troyv
2009-04-15 22:17 0 a------- c:\windows\system32\asr_23746.exe
2009-04-15 22:12 79 a------- c:\windows\system32\asr_gvkwy
2009-04-15 22:12 0 a------- c:\windows\system32\asr_75341.exe
2009-04-15 21:32 0 a------- c:\windows\system32\asr_00305.exe
2009-04-15 21:31 78 a------- c:\windows\system32\asr_ghxqz
2009-04-15 21:16 0 a------- c:\windows\system32\asr_76738.exe
2009-04-15 21:16 80 a------- c:\windows\system32\asr_cgucu
2009-04-15 21:05 0 a------- c:\windows\system32\asr_28287.exe
2009-04-15 21:04 79 a------- c:\windows\system32\asr_zliul
2009-04-15 20:36 80 a------- c:\windows\system32\asr_eqvzs
2009-04-15 20:36 0 a------- c:\windows\system32\asr_36850.exe
2009-04-15 04:15 0 a------- c:\windows\system32\asr_80564.exe
2009-04-15 04:15 81 a------- c:\windows\system32\asr_vmonn
2009-04-15 03:53 0 a------- c:\windows\system32\asr_02275.exe
2009-04-15 03:53 81 a------- c:\windows\system32\asr_cklrl
2009-04-15 02:48 0 a------- c:\windows\system32\asr_65016.exe
2009-04-15 02:48 81 a------- c:\windows\system32\asr_xjoqh
2009-04-15 00:58 82 a------- c:\windows\system32\asr_vylob
2009-04-15 00:34 80 a------- c:\windows\system32\asr_avkyv
2009-04-14 23:44 82 a------- c:\windows\system32\asr_slwww
2009-04-14 21:12 82 a------- c:\windows\system32\asr_yktgw
2009-04-13 07:38 89 a------- c:\windows\system32\asr_ghvdq
2009-04-13 07:22 89 a------- c:\windows\system32\asr_bbare
2009-04-13 07:20 89 a------- c:\windows\system32\asr_byfca
2009-04-13 07:17 89 a------- c:\windows\system32\asr_qbgsa
2009-04-13 07:13 89 a------- c:\windows\system32\asr_bhxur
2009-04-13 07:00 89 a------- c:\windows\system32\asr_ljseu
2009-04-13 07:00 89 a------- c:\windows\system32\asr_nzmlp
2009-04-13 06:59 89 a------- c:\windows\system32\asr_hhkjs
2009-04-13 06:38 89 a------- c:\windows\system32\asr_lgwek
2009-04-12 21:16 86 a------- c:\windows\system32\asr_iakpd
2009-04-12 21:15 0 a------- c:\windows\system32\asr_00604.exe
2009-04-12 21:15 80 a------- c:\windows\system32\asr_reudj
2009-04-12 21:14 0 a------- c:\windows\system32\asr_15467.exe
2009-04-12 21:14 80 a------- c:\windows\system32\asr_klebq
2009-04-12 19:39 86 a------- c:\windows\system32\asr_uguqr
2009-04-12 19:36 86 a------- c:\windows\system32\asr_hsbpb
2009-04-12 19:30 86 a------- c:\windows\system32\asr_fkyax
2009-04-12 19:29 86 a------- c:\windows\system32\asr_cgmxu
2009-04-12 19:10 86 a------- c:\windows\system32\asr_kfopw
2009-04-12 18:52 86 a------- c:\windows\system32\asr_kgugc
2009-04-12 18:43 86 a------- c:\windows\system32\asr_tofdy
2009-04-12 17:03 86 a------- c:\windows\system32\asr_deunr
2009-04-12 16:59 86 a------- c:\windows\system32\asr_uwgnf
2009-04-12 08:23 80 a------- c:\windows\system32\asr_muymm
2009-04-12 08:12 80 a------- c:\windows\system32\asr_xcvfn
2009-04-11 21:08 86 a------- c:\windows\system32\asr_gnxwz
2009-04-10 23:42 86 a------- c:\windows\system32\asr_ksuvn
2009-04-10 23:35 86 a------- c:\windows\system32\asr_howye
2009-04-10 23:33 86 a------- c:\windows\system32\asr_ihgmq
2009-04-10 23:01 86 a------- c:\windows\system32\asr_fjwdf
2009-04-10 22:26 86 a------- c:\windows\system32\asr_zgrkh
2009-04-10 22:16 86 a------- c:\windows\system32\asr_fybat
2009-04-10 22:15 0 a------- c:\windows\system32\image.jpg
2009-04-10 22:15 86 a------- c:\windows\system32\asr_jmqgx
2009-04-10 08:19 0 a------- c:\windows\system32\asr_73887.exe
2009-04-10 08:18 77 a------- c:\windows\system32\asr_ccwxz
2009-04-10 08:10 78 a------- c:\windows\system32\asr_gemqh
2009-04-10 08:07 0 a------- c:\windows\system32\asr_27545.exe
2009-04-10 08:07 80 a------- c:\windows\system32\asr_clhfv
2009-04-10 08:00 0 a------- c:\windows\system32\asr_50102.exe
2009-04-10 08:00 80 a------- c:\windows\system32\asr_aulor
2009-04-10 07:45 81 a------- c:\windows\system32\asr_tfpgo
2009-04-10 07:45 0 a------- c:\windows\system32\asr_05284.exe
2009-04-10 07:40 0 a------- c:\windows\system32\asr_67828.exe
2009-04-10 07:40 79 a------- c:\windows\system32\asr_izcfc
2009-04-10 07:15 0 a------- c:\windows\system32\asr_03370.exe
2009-04-10 07:15 79 a------- c:\windows\system32\asr_kztmk
2009-04-10 07:11 79 a------- c:\windows\system32\asr_qmzkf
2009-04-10 07:11 0 a------- c:\windows\system32\asr_76048.exe
2009-04-09 06:57 80 a------- c:\windows\system32\asr_gpsgs
2009-04-09 06:57 0 a------- c:\windows\system32\asr_87507.exe
2009-04-08 21:20 81 a------- c:\windows\system32\asr_vphyv
2009-04-08 21:20 0 a------- c:\windows\system32\asr_71111.exe

==================== Find3M ====================

2009-03-15 15:55 56,268 a------- c:\windows\system32\drivers\scdemu.sys
2009-03-09 19:08 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-09 19:08 348,160 a------- c:\windows\system32\msvcr71.dll
2006-05-09 11:14 56 a------- c:\program files\common files\appop.log
2005-03-03 21:40 16,896 a------- c:\program files\common files\so_icon_lib.dll

============= FINISH: 19:59:29.95 ===============


#2 Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 23 May 2009 - 09:32 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom


Posted 30 May 2009 - 01:54 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.