
Malware Blocking Task Manager and Startup Processes


This topic is locked
4 replies to this topic

#1 sconeskimmer

  • Members
  • 1 posts

Posted 09 July 2009 - 01:51 PM

Hello! For a few months now, my mom's computer has been pretty messed up since she and my sisters are pretty computer illiterate and had little or no protection on their computer. I'd come over for dinner every Thursday and try and fix it, and every week it just got progressively worse. I'm thinking the infection came from either lots of P2P file sharing, or failure to use any caution in browsing and not being able to scan on more than a weekly basis. I haven't even tried in a month, and the problem is just as bad; the only way the computer will start is in safe mode, otherwise as soon as you log in all processes stop running, and some program has blocked the use of RegEdit and the Task Manager so I can't manually start it up. I'm not exactly a whiz kid either, so I'm gonna let someone with actual expertise try and handle this one, because I've come to realize I really can't. Any help is EXTREMELY appreciated.

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Administrator at 14:39:08.98 on Thu 07/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.676 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Spyware Doctor\pctsAuxs.exe
E:\Program Files\Spyware Doctor\pctsSvc.exe
E:\Program Files\Spyware Doctor\pctsTray.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - e:\program files\askbardis\bar\bin\askBar.dll
TB: MATCHMAKER: {a057a204-bacc-4d26-8e98-70ac85e57e9d} - e:\progra~1\matchm~1\MATCHM~1.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - e:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [Monitor] e:\windows\pixart\pac207\Monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "e:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] e:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes' Anti-Malware] e:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "e:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [uidenhiufgsduiazghs] e:\windows\temp\f9kdy2mz.exe
dRun: [<NO NAME>] e:\windows\temp\ydyxy2q1up.exe
dRun: [nzdflkioezncfiunfindiuchiuenfcdc] e:\windows\temp\ydyxy2q1up.exe
dRun: [Cognac] e:\windows\temp\b.exe
StartupFolder: e:\docume~1\alluse~1.win\startm~1\programs\startup\hpoddt~1.lnk - e:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - e:\documents and settings\olivia\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - e:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229887878498
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238099749390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli e:\windows\system32\liwafuso.dll e:\windows\system32\hejonozu.dll e:\windows\system32\riyerefo.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\cpyyne60.default\
FF - component: e:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: e:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: e:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{000622CB-70CB-430D-A551-888B30380D04}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{033D13D2-4A49-4C3F-92F7-CFE5D7B53CE9}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{0819B0CE-A85C-4C2F-B7D1-AFC5C93902FC}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{0EBACA6A-DD07-4D02-87BC-2B896810E5F8}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{10FD1E1B-7A6A-4995-A604-9213954EF316}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{13444360-7919-4FA0-A337-56EC1107DE2C}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{142D9A6D-371D-4882-86A7-DFFACD8AA5A3}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{1568B778-3C0A-41DA-936D-BD4B071A4474}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{21610570-8BA6-4786-A485-E4BE3B02EED2}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{2321A4CC-C98B-4168-A64B-E8CEC78F4ED7}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{241380BD-4137-4DF0-B4FB-DABC8529E67F}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{25EF1C4D-B7AD-4725-B179-162DDE37EC17}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{2E658A29-1451-47B5-BFE8-3FCF3E5016FE}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{31C1C49F-A719-45BC-AA5A-909EAB4FCFF4}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{390F1EEF-FA09-49B3-82CA-784B51731925}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{402D28AD-375F-44CE-B709-076A2279792A}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{412279CE-632E-4EB8-B9A9-94912688460B}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{42A9B7EA-E75C-4702-850F-32CB7B450A9B}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{4A71B252-FEB6-4E52-A44E-A92F92CD3C1C}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{4FEE6E5C-EDEB-4160-BC9E-25168811CBAB}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{51FC95EE-3E3F-4D56-8362-219E63135EEB}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{5397501E-26EF-4704-8A34-8CD36F0215F9}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{579AB881-9899-49A9-83DD-84EDE6EF6A3F}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{589B0CFC-D851-45EC-AD07-E13300954524}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{601ADFB8-6D88-4457-ACE7-E054B05FC319}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{65BE6629-1592-4875-8BA3-4E63A6D86CE4}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{6A7BF12E-CC4B-4B46-ADD8-7705CD4B0051}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{6B8E6664-A997-4DAE-8068-D90055F732D8}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{6B9E03F1-D111-4F72-B7D7-115984EB1F26}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{6BB01941-3B97-4D16-87DA-B7BE32949D8F}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{6EE80018-A1F1-4F7F-962F-995BDFA4C8CB}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{7551F73D-B5E4-45C3-8C4B-E9728D47AA2E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{77143A5C-9B1D-45E6-948E-4A01A53BC555}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{773D69F1-FFF9-4777-A542-49A529251A91}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{7FEBED86-41DD-4BD4-A5B5-42F88F2A37DA}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{81FCEB47-E86E-4D43-BA4B-3321C8CA8424}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{8204E24A-4C7B-4C87-AC5D-3D61B4C1A38E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{82220D5F-5DFE-4634-938A-5907D475910B}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{8D67D175-E562-4EE0-86E2-B86910860787}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{911E1298-8294-4521-87B7-48CB32080B24}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{93E5C71E-2F95-44F4-BE4D-7A7155A81D7E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{9522C024-55F1-4957-9613-F2F63FB9265B}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{95F5BC5B-B86C-4122-A9B3-66487695A094}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{9A42E236-8E28-4CD8-A65C-69A00107574D}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{A89B6EE8-6086-48DB-8583-C67A604BD360}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{AC116533-12F0-4D36-BF7A-FBC66CA99AE7}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{AC8FBD03-775D-4F7C-909E-4BF4D186D744}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{AEBBB473-9B0D-41AC-B49F-C88F3D1A43AA}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{AFEDD493-797A-4D69-BD09-C0679BA9D823}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{B0F21671-FAF0-4C02-9C54-61D99094DC1E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{B2C47EF2-63BB-412E-A22B-720CA4F050BC}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{B2EDDBE6-F78E-4C94-BACD-FF7BD2F7BE96}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{B50D7071-5648-4BF0-9831-C5542F38018E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{C08F4144-BA15-430E-B141-0E3BA496ABA2}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{C1547E82-B8A4-45DA-9C7D-F9B1315A00C9}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{D2840F98-07D2-4D06-BBC9-BFAE817D9352}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{D5BD0730-EE93-43A4-B6C4-540094725D7F}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{D8A3A16F-4D09-45DE-906A-2B8C15024891}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{D8F32450-83DC-43B0-B4A3-4516BC8177F9}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{DE97432E-4C9E-4380-8BCA-5876C2C7A201}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{E0DB8E89-72D6-4E17-8BFE-1DCBF161659B}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{E7D7E5B5-7E8E-4F48-8F65-3C92EE62BFD6}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{E837EAF4-934A-4DC4-B721-BD820DD210AF}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EA3EC52E-1FA4-45D8-A781-D95F183C12A0}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EA5255D2-5821-435F-8146-A9A1130B745B}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EA96D33A-08BE-4898-8524-7541F8E8E91D}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EB7DB70C-5CD4-4BC5-9A80-0F4A7335099E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EB7FC44E-0EA9-44E9-B78D-B14F5FA5CCD2}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EE50646C-C91D-4552-8B43-F7E00927C46E}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{EF6F09F3-1A36-45CC-8B01-AFB5CBE8310A}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{F7FDF145-BE44-48CD-96C5-75DC79184575}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{F997C623-17D8-4EB6-86E6-76BC0F1E895F}
FF - HiddenExtension: XUL Cache: No Registry Reference - e:\program files\mozilla firefox\extensions\{FC039EF0-585F-4496-A55D-7DE2A42302D8}

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;e:\windows\system32\drivers\ikfilesec.sys [2008-12-21 40840]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2009-4-2 108552]
R1 IKSysFlt;System Filter Driver;e:\windows\system32\drivers\iksysflt.sys [2008-12-21 66952]
R1 IKSysSec;System Security Driver;e:\windows\system32\drivers\iksyssec.sys [2008-12-21 81288]
R2 sdAuxService;PC Tools Auxiliary Service;e:\program files\spyware doctor\pctsAuxs.exe [2008-12-21 356920]
R2 sdCoreService;PC Tools Security Service;e:\program files\spyware doctor\pctsSvc.exe [2008-12-21 1079176]
S0 dwyzwznd;dwyzwznd;e:\windows\system32\drivers\cgbnnqh.sys --> e:\windows\system32\drivers\cgbnnqh.sys [?]
S1 951583d4;951583d4; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [2009-4-2 325896]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;e:\windows\system32\drivers\avgmfx86.sys [2009-4-2 27784]
S2 avg8emc;AVG Free8 E-mail Scanner;e:\progra~1\avg\avg8\avgemc.exe [2009-4-2 908568]
S2 avg8wd;AVG Free8 WatchDog;e:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-2 298776]
S2 Ca533av;Icatch(IV) Video Camera Device;e:\windows\system32\drivers\ca533av.sys --> e:\windows\system32\drivers\Ca533av.sys [?]
S2 fssfltr;FssFltr;e:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-27 55152]
S2 SeaPort;SeaPort;e:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S3 fsssvc;Windows Live Family Safety;e:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 PAC207;CIF USB Camera;e:\windows\system32\drivers\PFC027.SYS [2009-3-22 505984]
S3 Radialpoint Security Services;Radialpoint Security Services;e:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 USBCamera;Icatch(IV) Still Camera Device;e:\windows\system32\drivers\bulk533.sys --> e:\windows\system32\drivers\Bulk533.sys [?]

=============== Created Last 30 ================

2009-07-09 14:20 <DIR> --d----- e:\program files\Trend Micro
2009-07-09 14:17 <DIR> --d----- E:\!KillBox

==================== Find3M ====================

2009-06-05 15:29 111,271 a------- e:\windows\system32\install.48025.exe
2009-05-28 15:50 77,312 a------- e:\windows\system32\userinit.exe
2009-05-28 01:10 99,422 a------- e:\windows\system32\drivers\a96accda.sys
2009-05-26 13:20 40,160 a------- e:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- e:\windows\system32\drivers\mbam.sys
2009-05-18 15:21 11,952 a------- e:\windows\system32\avgrsstx.dll
2009-05-01 17:25 2,713 ---sh--- e:\windows\system32\fetutupi.exe

============= FINISH: 14:39:34.34 ===============


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 10 July 2009 - 03:16 AM

IMPORTANT!! Please disable these programs (if present) before proceeding with our fixes.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

1. SpySweeper
2. Spyware Doctor
3. Windows Defender
4. Trojan Hunter
5. WinPatrol
6. Spybot S&D
7. Lavasoft Ad-Aware
8. Zone Alarm
9. AVG8



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.



NEXT


Please download OTM by OldTimer
  • Save it to your Desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    dwyzwznd
    951583d4
    
    :files
    e:\windows\system32\install.48025.exe
    e:\windows\system32\drivers\a96accda.sys
    e:\windows\system32\fetutupi.exe
    e:\windows\system32\drivers\cgbnnqh.sys
    
    :reg
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. GooredFix
3. DDS.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
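As an added example, not from the thread, the helper, or any of the tools named in this post: the script below runs four indicator rules over DDS log lines of the kind posted in #1. The rules encode the patterns that line up with the entries fenzodahl512's OTM script targeted (autoruns launched from \windows\temp, LSA Notification Packages other than the default scecli, service entries whose binary is missing, marked [?] or [x], and files carrying both the system and hidden attributes). Those rules are my own reading of which log lines were chosen, not reasoning the helper stated; the sample lines are copied from the DDS log above, with a few clean entries left in so there is something the rules must leave alone.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample input: lines copied from the DDS log posted in this thread,
# plus a few clean entries (AVG, MSConfig, userinit.exe) that must not be flagged.
SAMPLE_LOG = r"""
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] e:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [uidenhiufgsduiazghs] e:\windows\temp\f9kdy2mz.exe
dRun: [<NO NAME>] e:\windows\temp\ydyxy2q1up.exe
dRun: [Cognac] e:\windows\temp\b.exe
LSA: Notification Packages = scecli e:\windows\system32\liwafuso.dll e:\windows\system32\hejonozu.dll e:\windows\system32\riyerefo.dll
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2009-4-2 108552]
S0 dwyzwznd;dwyzwznd;e:\windows\system32\drivers\cgbnnqh.sys --> e:\windows\system32\drivers\cgbnnqh.sys [?]
S1 951583d4;951583d4; [x]
2009-05-28 15:50 77,312 a------- e:\windows\system32\userinit.exe
2009-05-01 17:25 2,713 ---sh--- e:\windows\system32\fetutupi.exe
"""

# Line shapes used by the DDS "Pseudo HJT Report", "SERVICES / DRIVERS" and "Find3M" sections.
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<desc>[^;]*);(?P<rest>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d [\d,]+ (?P<attrs>\S{8}) (?P<path>.*)$")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Apply the four indicator rules to every line; return one finding per hit."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        # Rule 1: an autorun whose target lives in the Windows temp directory.
        m = RUN_RE.match(line)
        if m:
            if "\\windows\\temp\\" in m.group("cmd").lower():
                findings.append({"rule": "autorun_from_temp", "item": m.group("cmd"), "line": line})
            continue

        # Rule 2: LSA notification packages; scecli is the only one XP ships with,
        # so every other DLL loaded this way deserves a look.
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group("pkgs").split():
                if pkg.lower() != "scecli":
                    findings.append({"rule": "lsa_notification_package", "item": pkg, "line": line})
            continue

        # Rule 3: a registered service/driver whose binary is not on disk ([?])
        # or has no path at all ([x]).
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("[?]") or rest.endswith("[x]"):
                findings.append({"rule": "service_missing_binary", "item": m.group("name"), "line": line})
            continue

        # Rule 4: a file carrying both the system (s) and hidden (h) attributes.
        m = FILE_RE.match(line)
        if m:
            attrs = m.group("attrs")
            if "s" in attrs and "h" in attrs:
                findings.append({"rule": "hidden_system_file", "item": m.group("path"), "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule so a glance shows which indicator classes are present."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f['rule']:<26} {f['item']}")
    print(summarize(hits))
```

Run against the sample, the script flags the three temp-directory autoruns, the three non-default LSA packages, the two services with no binary and the hidden system file, and stays quiet on the AVG, MSConfig and userinit.exe lines. It is a triage aid for reading a log, not a cleaner: each hit still needs the kind of judgement the helper applied before anything is removed.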


#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 20 July 2009 - 04:09 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 24 July 2009 - 03:28 PM

Topic reopened at the user's request.. Please post a fresh DDS log only.



#5 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 August 2009 - 12:20 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





