Computer is jacked..............


This topic is locked
63 replies to this topic

#1 bidi00

  • Members
  • 41 posts

Posted 22 August 2009 - 07:27 PM

I keep getting blue screens and internet search redirects. The computer seems slow as well.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:51 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Michael Lombardo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://creed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {33BF5F4E-5758-40D9-927F-9DD476CA9635} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {914420b2-7455-4722-b1e1-d206e32cb176} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} (RealPage Web Objects) - http://onesite.realpage.com/coreglobal/Rea...ab/Realpage.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967445578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967416390
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 12332 bytes


Please help!!


#2 htv8

  • Members
  • 1,694 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 September 2009 - 09:48 AM

Hello bidi00, and welcome to BleepingComputer.com! I will be handling your log to help you get cleaned up. :thumbup2:

We apologize for the delay in responding to your request for help. Here at BleepingComputer.com we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply within the next 5 days, we will need to close your topic.

Please take note of some guidelines for this fix:
  • I will start working on your malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running extra scanners or fix programs not requested by me: doing so could change the results in the reports I request.
  • The process is not instant: even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I tell you your machine is clean. Just because a symptom disappears does not mean your system is clean. We do not want to clean you part-way, only to have the system re-infect itself.
  • If you do not understand any step(s) provided, please stop and ask your question(s) before proceeding with the fixes. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please set aside enough time to complete all the steps in each post and follow the instructions in the order stated.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If for any reason you cannot complete instructions within that time, that's fine, but please let me know: just post back here so that I know you are still here. This is to ensure that your topic remains open and I don't close it to start a new post.
    NOTE: In the upper right hand corner of the topic you will see a button called Options. If you click on this button, a drop-down menu will expand. By choosing Track this topic and then choosing Immediate Email Notification, followed by clicking Proceed, you will be advised when I respond to your topic. This facilitates the cleaning procedure. The topics you are tracking can be found here.
  • Please reply to this thread using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Reviewing your log(s) requires an amount of research, so please be patient. However, if I have not posted back within 24 hours, feel free to send me a Personal Message (PM) with your topic link.


If you still require assistance, please post a new set of logs from DDS and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log please refer to this page and in step #6 there are instructions on downloading and running DDS. If you have any problems, just let me know in your next reply or simply post a HijackThis log.

Then, please check for rootkits with RootRepeal:

So for your next reply, I would like to see:
  • the DDS logs:
    • DDS.txt
    • Attach.txt (attached)
  • the RootRepeal report (RootRepeal.txt)
  • a description of any remaining problems
Thanks again and we apologize for the delay.

With kindest regards,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#3 bidi00
  • Topic Starter

  • Members
  • 41 posts

Posted 06 September 2009 - 06:53 PM

Thank you for taking the time to help me. Here are the logs you requested.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Michael Lombardo at 14:10:22.72 on Sun 09/06/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = hxxp://creed.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: {33BF5F4E-5758-40D9-927F-9DD476CA9635} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {914420b2-7455-4722-b1e1-d206e32cb176} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\photos~1\data\xtras\mssysmgr.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Define - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} - hxxp://onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195967445578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195967416390
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38172.4487962963
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-22 20:40 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-22 20:16 <DIR> --d----- c:\program files\Avira
2009-08-22 20:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-22 16:39 <DIR> --d----- c:\program files\Sophos
2009-08-16 20:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-08-15 12:05 <DIR> --d----- C:\_OTM
2009-08-15 11:01 <DIR> a-d----- c:\windows\system32\images
2009-08-11 23:49 <DIR> --d----- c:\windows\pss
2009-08-11 20:12 45,344 a------- c:\windows\system32\drivers\mqf7b5e.sys
2009-08-11 18:24 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 18:24 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-08 19:17 <DIR> --dsh--- c:\documents and settings\michael lombardo\IECompatCache
2009-08-08 18:57 70,380 a---h--- c:\windows\system32\mlfcache.dat
2009-08-08 18:52 <DIR> --dsh--- c:\documents and settings\michael lombardo\PrivacIE
2009-08-08 18:45 <DIR> --dsh--- c:\documents and settings\michael lombardo\IETldCache
2009-08-08 18:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-08-08 18:37 81,920 a------- c:\windows\system32\dllcache\ieencode.dll
2009-08-08 18:34 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-08 18:34 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-08 18:34 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-08 18:34 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-08 18:34 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-08 18:33 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-08 16:32 <DIR> --d----- c:\program files\iPod
2009-08-08 16:32 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-08-24 18:32 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 18:52 138,952 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-10 18:51 202,512 a------- c:\windows\system32\PnkBstrB.exe
2009-07-06 12:02 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 23:04 345,630 a------- c:\windows\system32\kungsfphrsdoun.dat
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-07 21:41 87,608 a------- c:\docume~1\michae~1\applic~1\inst.exe
2009-06-07 21:41 47,360 a------- c:\docume~1\michae~1\applic~1\pcouffin.sys
2008-11-05 21:45 61,224 a------- c:\documents and settings\michael lombardo\GoToAssistDownloadHelper.exe
2005-11-02 00:45 36 a------- c:\documents and settings\michael lombardo\klextlock.dat

============= FINISH: 14:27:41.64 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/3/2004 9:18:25 PM
System Uptime: 9/6/2009 2:00:33 PM (0 hours ago)

Motherboard: Dell Computer Corporation | | Dimension 4300

==== Installed Programs ======================

µTorrent
ABBYY FineReader 5.0 Sprint Plus
Action Replay Code Manager
Ad-Aware
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.8
Adobe Shockwave Player 11
Age of Empires III
AgeOfCastles
Anewsoft MP3 Recorder 2.0
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Backup Dell-Installed Programs
Battlefield 1942 Multiplayer Demo
Battlefield 1942 Singleplayer Demo
Battlefield 2: Deluxe Edition
Bonjour
Call of Duty Game of the Year Edition
Call of Duty® 2
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DellTouch
DivX
DivX Player
DOM
EA downloader
EA SPORTS online 2007
Empire Earth II
Empire Earth II: The Art of Supremacy
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON SPRX600 Reference Guide
FoneSync
GameSpy Arcade
GameSpy Software
Google Earth
Google Updater
Guild Wars
GuitarVision
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
IrfanView (remove only)
iTunes
Java™ 6 Update 15
KhalInstallWrapper
LightScribe Diagnostic Utility
LightScribe System Software
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Medal of Honor Allied Assault™ Breakthrough
Medal of Honor Allied Assault™ Breakthrough Patch v2.40
Medal of Honor Allied Assault™ Spearhead
Medal of Honor Allied Assault™ Spearhead Patch 2.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Broadband Networking
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2001
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2001
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007 Trial
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Picture It! Publishing 2001
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets and Trips 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Media Video 9 VCM
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Morrowind
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 8 Essentials
neroxml
NVIDIA Display Driver
NVIDIA Drivers
PowerDVD
QuickTime
RCT3 Soaked
RealPlayer Basic
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon® 3
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Spybot - Search & Destroy
TES Construction Set
The Sims™ Life Stories
Tiger Woods PGA TOUR 07
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VCRedistSetup
WavePad Uninstall
WebFldrs XP
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Works Suite OS Pack
Works Synchronization
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
Yugioh Virtual Dueling
Zoo Tycoon: Complete Collection

==== End Of File ===========================


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 14:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2B12000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C58000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7FF0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNEToyxckbgo.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNEToyxckbgo.sys
Address: 0xF2E28000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\SKYNETadvjiyba.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETdpkrarer.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETedduwiaw.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETftdoyrne.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\SKYNETdwmabdrwpq.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Tyler Lombardo\Desktop\Yugioh Virtual Desktop 9.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\drivers\mqf7b5e.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNEToyxckbgo.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\michael lombardo\local settings\temp\wera8ad.dir00\safari.exe.hdmp
Status: Allocation size mismatch (API: 89014272, Raw: 11862016)

Path: C:\Documents and Settings\Michael Lombardo\Local Settings\Temporary Internet Files\Content.IE5\CMU78NTI\skynet-virus-t248346[1].html
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Michael Lombardo\Local Settings\Temporary Internet Files\Content.IE5\S9R22TF7\skynet-virus-t248346[1].html
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Michael Lombardo\Local Settings\Temporary Internet Files\Content.IE5\U5R0QUQT\skynet-virus-t248346[1].html
Status: Invisible to the Windows API!

SSDT
-------------------
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "<unknown>" at address 0x82f3f4a0

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: winlogon.exe (PID: 508) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: services.exe (PID: 552) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: lsass.exe (PID: 572) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETedduwiaw.dll]
Process: svchost.exe (PID: 744) Address: 0x005f0000 Size: 53248

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 744) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 824) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 868) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 948) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 1012) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: aawservice.exe (PID: 1060) Address: 0x00bc0000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: Explorer.EXE (PID: 1220) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: spoolsv.exe (PID: 1392) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: sched.exe (PID: 1480) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: RealPlay.exe (PID: 1516) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: RUNDLL32.EXE (PID: 1524) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: PDVDServ.exe (PID: 1532) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: jusched.exe (PID: 1644) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: iTunesHelper.exe (PID: 1676) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 1716) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: avgnt.exe (PID: 1760) Address: 0x003f0000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: ctfmon.exe (PID: 1840) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: avguard.exe (PID: 1856) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: LightScribeControlPanel.exe (PID: 1896) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: AppleMobileDeviceService.exe (PID: 1948) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: rundll32.exe (PID: 1964) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: mDNSResponder.exe (PID: 2004) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: LogitechDesktopMessenger.exe (PID: 184) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: SetPoint.exe (PID: 204) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: jqs.exe (PID: 232) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: MSBNTray.exe (PID: 244) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: LSSrvc.exe (PID: 376) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: NBService.exe (PID: 444) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: nvsvc32.exe (PID: 916) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: KHALMNPR.EXE (PID: 1100) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: PnkBstrA.exe (PID: 1144) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: PnkBstrB.exe (PID: 856) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 1444) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: iPodService.exe (PID: 2412) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: alg.exe (PID: 2708) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: Safari.exe (PID: 3232) Address: 0x01540000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 1196) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 1196) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 1292) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 2932) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 696) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 3472) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 3488) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: svchost.exe (PID: 3664) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: wscntfy.exe (PID: 3932) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: RootRepeal.exe (PID: 2996) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: iexplore.exe (PID: 2124) Address: 0x10000000 Size: 32768

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x82f3aad0 Size: 1332

Object: Hidden Code [Driver: sr, IRP_MJ_CREATE]
Process: System Address: 0x82f3aad0 Size: 1332

Object: Hidden Code [Driver: FltMgr, IRP_MJ_CREATE]
Process: System Address: 0x82f3aad0 Size: 1332

Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]
Process: System Address: 0x82f3aad0 Size: 1332

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82f3d740 Size: 1715

Object: Hidden Code [Driver: RAW, IRP_MJ_CREATE]
Process: System Address: 0x82f3aad0 Size: 1332

==EOF==
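
The RootRepeal report above is what a kernel-mode rootkit looks like from a user-mode scanner: a driver hidden from the Windows API, an SSDT hook on NtDeviceIoControlFile, Tcpip's IRP dispatch entries patched, and one DLL present in almost every running process. A script that parses a report in this layout and lists those indicators, as an added example (not part of the thread and not a RootRepeal feature); the excerpt it runs on is a constructed abbreviation of the report above, and the thresholds in `verdict` are the example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's layout (header, dashed rule, blank-line-separated records).
SAMPLE_REPORT = r"""Drivers
-------------------
Name: SKYNEToyxckbgo.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNEToyxckbgo.sys
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\SKYNETftdoyrne.dll
Status: Invisible to the Windows API!

SSDT
-------------------
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "<unknown>" at address 0x82f3f4a0

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: winlogon.exe (PID: 508) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETftdoyrne.dll]
Process: services.exe (PID: 552) Address: 0x10000000 Size: 32768

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x82f3d740 Size: 1715

==EOF==
"""

RULE = re.compile(r"^-{5,}$")
MODULE_RE = re.compile(r"Hidden Module \[Name: ([^\]]+)\]")
IRP_RE = re.compile(r"Hidden Code \[Driver: ([^,]+), (IRP_MJ_\w+)\]")
PROC_RE = re.compile(r"^(\S+) \(PID: (\d+)\)")
SSDT_RE = re.compile(r"Function Name:\s*(\w+)")

def parse_rootrepeal(text):
    """{section: [record, ...]}; a record maps the text before the first ':' to the rest."""
    sections, current, record = {}, None, {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        line = line.strip()
        is_header = i + 1 < len(lines) and RULE.match(lines[i + 1].strip())
        if is_header or not line:            # a header or a blank line closes the open record
            if current and record:
                sections[current].append(record)
            record = {}
            if is_header:
                current = line
                sections[current] = []
            continue
        if current is None or RULE.match(line) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        record.setdefault(key.strip(), value.strip())
    if current and record:
        sections[current].append(record)
    return sections

def triage(sections):
    """Collect the indicators that separate a kernel rootkit from ordinary adware."""
    found = {"hidden_drivers": [], "hidden_files": [], "ssdt_hooks": [],
             "injected_modules": defaultdict(list),   # dll -> ["process:pid", ...]
             "irp_hooks": defaultdict(set)}           # driver -> {IRP_MJ_* handlers}
    for d in sections.get("Drivers", []):
        if "Hidden" in d.get("Status", ""):
            found["hidden_drivers"].append(d.get("Image Path", ""))
    for f in sections.get("Hidden/Locked Files", []):
        if "Invisible" in f.get("Status", ""):
            found["hidden_files"].append(f.get("Path", ""))
    for s in sections.get("SSDT", []):
        m = SSDT_RE.search(s.get("#", ""))
        if m and "Hooked" in s.get("Status", ""):
            found["ssdt_hooks"].append(m.group(1))
    for o in sections.get("Stealth Objects", []):
        obj, proc = o.get("Object", ""), o.get("Process", "")
        if (m := MODULE_RE.match(obj)) and (p := PROC_RE.match(proc)):
            found["injected_modules"][m.group(1)].append(f"{p.group(1)}:{p.group(2)}")
        elif m := IRP_RE.match(obj):
            found["irp_hooks"][m.group(1)].add(m.group(2))
    return found

def verdict(found, min_processes=2):
    """One actionable line per indicator; kernel hooks plus one DLL in many processes = rootkit."""
    reasons = []
    if found["hidden_drivers"]:
        reasons.append("driver hidden from the Windows API: " + ", ".join(found["hidden_drivers"]))
    if found["ssdt_hooks"]:
        reasons.append("SSDT entries hooked: " + ", ".join(found["ssdt_hooks"]))
    for drv, majors in sorted(found["irp_hooks"].items()):
        reasons.append(f"{drv} dispatch table patched ({len(majors)} IRP_MJ handlers)")
    for dll, procs in sorted(found["injected_modules"].items()):
        if len(procs) >= min_processes:
            reasons.append(f"{dll} injected into {len(procs)} processes")
    return reasons

if __name__ == "__main__":
    for reason in verdict(triage(parse_rootrepeal(SAMPLE_REPORT))):
        print("-", reason)
```

Run it against a full report (`parse_rootrepeal(open("RootRepeal.txt").read())`) and the injected-module count is the quickest tell: a DLL that only a few processes load can be a legitimate shell extension, one that sits at the same address in winlogon.exe, services.exe, lsass.exe and every svchost.exe is a system-wide hook, and the hidden driver and SSDT hook say that it is protected from the kernel side.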

#4 bidi00 (Topic Starter)

Posted 07 September 2009 - 02:56 PM

Wow, now I am infected with Windows Police Pro. Nothing wants to load, can't run malware programs. This stinks.

Now Windows Antivirus Pro as well. Uuuugggghhhhh.

#5 htv8

Posted 07 September 2009 - 03:19 PM

Hello again, bidi00

The TDSS Trojan Horse is a backdoor/rootkit trojan. Such a piece of malware allows hackers to remotely control your computer, steal critical system information and download and execute files.

Rootkits and backdoor trojans are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data, which is sent back to the hacker. To learn more about these types of infections, you can refer to:

I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer until the computer can be cleaned. Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

Though the backdoor has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

If you choose to format and reinstall, see these links for instructions: Reformatting Windows XP (by wng_z3ro), MIT IS&T - Windows XP: Clean Install. However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat. If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

If you decide to go through with the cleanup, you can proceed with the steps below.



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Peer-to-peer (P2P) program WARNING

Your log shows that you are using a so-called peer-to-peer or file sharing program (in your case µTorrent). Programs like this one allow users to share files between each other, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file sharing tools, as a tremendous number of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and such tools should be used with great care. Some further readings on this subject, along with the included links, are as follows: File Sharing, otherwise known as Peer To Peer. (P2P) and Risks of File-Sharing Technology.

Avoid gaming sites, pirated software, cracking tools, keygens, and P2P file sharing programs:

  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

Due to the reasons mentioned above, I would strongly recommend that you uninstall µTorrent. The choice to remove it is entirely up to you, but I strongly recommend getting rid of it. If you agree, go to Start -> Control Panel -> Add or Remove Programs and remove µTorrent. If you do not agree, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as OpenOffice.

Uninstall a program using Add or Remove Programs:
  • Click Start on the taskbar, then click on the Control Panel icon.
  • Double-click the Add or Remove Programs icon.
    • A list of programs installed will be "populated"; this may take a bit of time.
  • Uninstall the following program by clicking on its entry and selecting Remove (or Change/Remove): AutoUpdate

Download and run sUBs' ComboFix:
  • Please download ComboFix from any of the links below. * IMPORTANT! Choose to save ComboFix to your Desktop but rename it to bidi00.exe prior to doing so.
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double-click bidi00.exe and follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once installed, you should see a screen prompt that says: "The Recovery Console was successfully installed.".
  • Click Yes to allow ComboFix to continue scanning for malware.
    NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
  • When finished, ComboFix shall produce a log for you (located at C:\ComboFix.txt). Post the entire contents of that report in your next reply for further review, along with the Add-Remove Programs.txt log which can be found at C:\Qoobox.

GENERAL WARNING: Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your Operating System such as preventing it from ever starting again. Also see ComboFix's disclaimer.




So in your next post, please let me know what you have decided to do. If you decided to go through with the cleanup, please post the entire contents of:
  • C:\ComboFix.txt (the ComboFix log)
  • C:\Qoobox\Add-Remove Programs.txt

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#6 bidi00 (Topic Starter)

Posted 09 September 2009 - 12:04 AM

Hey there,

I was running ComboFix and before it was done the computer crashed. Now I cannot open any .exe file. No ComboFix, Malwarebytes, or anything. Now what do I do?

#7 htv8

Posted 09 September 2009 - 12:55 PM

You can't open any executable program? Can't you open Notepad (Start -> All Programs -> Accessories -> Notepad)?
Can't you open a program like Internet Explorer, Microsoft Word or your email application?

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#8 bidi00 (Topic Starter)

Posted 11 September 2009 - 12:03 AM

I cannot open any program. I can, however, still open pictures. I also managed to get into Windows Media Player via the "what program would you like to use" box and played videos. Not sure what to do at this point. Should I back up my music, pictures, videos and docs? Reformat the hard drive? Would reformatting get rid of all viruses?

#9 htv8

Posted 11 September 2009 - 03:52 AM

Looks like the default association for executable (.exe) and/or shortcut (.lnk) files is corrupted...



Restore the default association for .exe and .lnk (shortcut) files:
  • Download these association fixes: DIRECT download location for Windows XP File Association Fixes here.
  • IMPORTANT: Unzip both files (extract their content).
  • Double-click the extracted registry (.reg) files.
  • When a window pops up asking if the information should be merged/added to the registry, accept (say Yes).
    NOTE: If you are not able to import the .reg files because of the corrupted .exe file association, do this:
    • Press Ctrl+Alt+Delete to open up the Task Manager.
    • Within Task Manager, click File, then hold down Ctrl and left-click New Task (Run...). A Command Prompt window will open.
    • Enter REGEDIT.EXE and hit Enter. Registry Editor will be launched.
    • In Registry Editor, click File -> Import...
    • Navigate to the .reg fix file, highlight (select) it and click Open. It should be merged to the registry.
    • Repeat with the second .reg fix.
Any luck with these fixes?
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

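
The fix described in the post above works by merging a .reg file that resets HKEY_CLASSES_ROOT\.exe, exefile\shell\open\command and .lnk to the values Windows XP ships with. A .reg file merges whatever it contains, so read it before double-clicking it: the same mechanism is how a rogue program redirects every .exe launch through itself. A small checker that parses a .reg file and compares those keys against the XP defaults, as an added example that is not from the thread or from the linked fix; both sample files are constructed for the example, and the executable path in the hijacked one is invented.

```python
import re

# Constructed .reg text in the shape of the usual fixexe/fixlnk fixes (sample input, not the linked file).
KNOWN_GOOD = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"IsShortcut"=""
'''

# Same file with the open command wrapped by a hypothetical executable (path invented for the
# example). Merging this would route every .exe launch through that program first.
HIJACKED = KNOWN_GOOD.replace(
    r'@="\"%1\" %*"',
    r'@="\"C:\\Documents and Settings\\user\\Application Data\\example_hijack.exe\" \"%1\" %*"')

# Windows XP defaults for the three associations the fix restores (registry paths are case-insensitive).
EXPECTED = {
    (r"hkey_classes_root\.exe", "@"): "exefile",
    (r"hkey_classes_root\exefile\shell\open\command", "@"): '"%1" %*',
    (r"hkey_classes_root\.lnk", "@"): "lnkfile",
}

def _unquote(literal):
    """Undo .reg string escaping inside the quotes: \\ becomes \ and \" becomes \"."""
    return re.sub(r'\\(["\\])', r"\1", literal[1:-1])

def parse_reg(text):
    """{key path (lowercase): {value name (lowercase, '@' = default): value}}.
    String values are unescaped; hex:/dword: values are kept as written."""
    keys, current, continued = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if continued:                                   # hex: data wrapped with a trailing '\'
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";") or line.upper().startswith(("WINDOWS REGISTRY", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1].lower()
            current = None if path.startswith("-") else path   # [-KEY] deletes a key; nothing to record
            if current is not None:
                keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "@" if name == "@" else _unquote(name).lower()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = _unquote(value)
        else:
            continued = value.endswith("\\")
        keys[current][name] = value
    return keys

def check_exe_association(reg):
    """Name every deviation from the XP defaults; an open command that names another
    .exe is the hijack pattern, anything else unexpected is still worth a look."""
    problems = []
    for (path, name), want in EXPECTED.items():
        got = reg.get(path, {}).get(name)
        if got is None:
            problems.append(f"missing [{path}] {name}")
        elif got != want:
            what = "hijacked" if ".exe" in got.lower() else "unexpected"
            problems.append(f"{what} [{path}] {name} = {got!r} (expected {want!r})")
    return problems

if __name__ == "__main__":
    for label, text in (("known-good", KNOWN_GOOD), ("hijacked", HIJACKED)):
        print(label, check_exe_association(parse_reg(text)) or "OK")
```

Point it at a downloaded fix with `check_exe_association(parse_reg(open("fixexe.reg").read()))`; an empty list means the file only restores the defaults. The same parser can be run over a `reg export HKCR\exefile` dump from the infected machine to see what the rogue program set before you overwrite it.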

#10 bidi00 (Topic Starter)

Posted 11 September 2009 - 11:15 PM

OK, so I already had the fixexe.reg file on my desktop. I clicked it, let it do its thing and then said yes to add the files. Seems like I'm back up and running. Do you want me to run ComboFix again or run you some sort of report?

#11 htv8

Posted 12 September 2009 - 03:06 AM

[..] do you want me to run ComboFix again or run you some sort of report?

Yes, please perform the instructions of Post #5.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#12 bidi00 (Topic Starter)

Posted 14 September 2009 - 01:25 AM

I didn't have a chance to run the computer today. I will try to do so Monday or Tuesday.

Thank you.

#13 htv8

Posted 14 September 2009 - 02:36 PM

OK, take the time you need.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#14 bidi00 (Topic Starter)

Posted 16 September 2009 - 01:31 AM

Alrighty, here is the update. I have tried to run ComboFix twice now (once Monday night and once Tuesday night) with no results. The program runs for at least 30 to 45 minutes and then just stalls. Not sure what to do from here.

#15 htv8

Posted 18 September 2009 - 01:31 PM

Hello again, and sorry for the little delay; been quite busy.

Please try this...



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Download and run Win32kDiag:

Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.


So in your next reply, please post the entire contents of:
  • the Win32kDiag log
  • the peek.bat results

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.




