
PC Antispyware removal


37 replies to this topic

#1 Jet Boat Capt (Members, 25 posts)

Posted 24 August 2009 - 09:43 AM

Don't have much time. My computer will restart very soon and I will lose everything. I can't get any of the anti-malware that you have suggested to work on my computer.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 9:42:57.46 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.172 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [braviax] braviax.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238247816437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-23 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-23 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-23 1097096]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S0 jegdc42;jegdc42;\SystemRoot\\SystemRoot\System32\drivers\jegdc42.sys --> \SystemRoot\\SystemRoot\System32\drivers\jegdc42.sys [?]
S1 424d211b.sys;424d211b.sys;\??\c:\windows\system32\drivers\424d211b.sys --> c:\windows\system32\drivers\424d211b.sys [?]
S2 gupdate1c9d2257b44560e;Google Update Service (gupdate1c9d2257b44560e);c:\program files\google\update\GoogleUpdate.exe [2009-5-11 133104]

=============== Created Last 30 ================

2009-08-24 08:44 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-08-24 08:40 12,288 a------- c:\windows\system32\braviax.exe
2009-08-23 20:14 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-08-23 20:14 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-08-23 20:13 <DIR> --d----- c:\program files\Kaspersky Lab
2009-08-23 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-08-23 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-23 18:41 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-23 18:41 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-23 18:41 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-23 18:41 <DIR> --d----- c:\program files\common files\PC Tools
2009-08-23 18:41 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-08-23 18:41 <DIR> --d----- c:\program files\Spyware Doctor
2009-08-23 18:41 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools
2009-08-23 18:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-08-23 18:34 19,852 a------- c:\docume~1\owner\applic~1\yzij.dat
2009-08-23 18:34 19,117 a------- c:\windows\odanarutu.dat
2009-08-23 18:34 17,904 a------- c:\docume~1\alluse~1\applic~1\ozuqog.dll
2009-08-23 18:34 16,998 a------- c:\docume~1\alluse~1\applic~1\omyhuduze.dat
2009-08-23 18:34 16,312 a------- c:\program files\common files\bacetoxo.vbs
2009-08-23 18:34 15,618 a------- c:\program files\common files\uxikewyr.reg
2009-08-23 18:34 15,357 a------- c:\windows\cuwefylu.dat
2009-08-23 18:34 14,838 a------- c:\windows\system32\anahawyda.com
2009-08-23 18:34 14,482 a------- c:\windows\rajoz.dll
2009-08-23 18:34 14,292 a------- c:\windows\system32\awesyq.dat
2009-08-23 18:34 12,721 a------- c:\program files\common files\amyzyzys.vbs
2009-08-23 18:34 10,374 a------- c:\docume~1\alluse~1\applic~1\ojowylo.vbs
2009-08-23 18:24 19,864 a------- c:\docume~1\owner\applic~1\umig.reg
2009-08-23 18:24 19,591 a------- c:\program files\common files\yrehenoluv.dll
2009-08-23 18:24 15,416 a------- c:\docume~1\owner\applic~1\saryfu.dat
2009-08-23 18:24 13,215 a------- c:\windows\system32\kebopadiha._dl
2009-08-23 18:24 13,122 a------- c:\docume~1\owner\applic~1\ifydusypih.com
2009-08-23 18:24 11,683 a------- c:\windows\system32\nyxis.bat
2009-08-23 18:24 11,562 a------- c:\docume~1\alluse~1\applic~1\uxofa.dat
2009-08-23 18:24 11,483 a------- c:\windows\jatafi.dll
2009-08-23 18:24 11,211 a------- c:\windows\dola.sys
2009-08-23 18:24 10,167 a------- c:\windows\system32\ecubowevov.sys
2009-08-23 18:24 17,941 a------- c:\windows\system32\oqujuqywi.dl
2009-08-23 18:24 15,087 a------- c:\docume~1\alluse~1\applic~1\hocegoho.dat
2009-08-23 17:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-23 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-23 17:14 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-23 17:07 229,376 a------- c:\windows\PEV.exe
2009-08-23 17:07 161,792 a------- c:\windows\SWREG.exe
2009-08-23 17:07 98,816 a------- c:\windows\sed.exe
2009-08-23 17:07 <DIR> --ds---- C:\myapp
2009-08-23 17:07 389,120 a------- c:\windows\system32\CF24831.exe
2009-08-23 16:45 11,964 a------- c:\windows\ylasyqakid.sys
2009-08-23 16:45 19,743 a------- c:\windows\fujejyq.reg
2009-08-23 16:45 19,351 a------- c:\windows\system32\cabema.dll
2009-08-23 16:45 19,042 a------- c:\windows\fosykezel.inf
2009-08-23 16:45 16,849 a------- c:\windows\system32\anuw.bat
2009-08-23 16:45 16,145 a------- c:\docume~1\alluse~1\applic~1\byzenu.bin
2009-08-23 16:45 15,393 a------- c:\docume~1\alluse~1\applic~1\gorivowovi.sys
2009-08-23 16:45 15,343 a------- c:\windows\xazunyren.dl
2009-08-23 16:45 15,154 a------- c:\windows\vaceqo.inf
2009-08-23 16:45 15,120 a------- c:\program files\common files\ajofemaha.reg
2009-08-23 16:45 15,096 a------- c:\windows\soqyk.bin
2009-08-23 16:45 14,780 a------- c:\windows\system32\edybexyq.bin
2009-08-23 16:45 14,654 a------- c:\windows\system32\apukig._sy
2009-08-23 16:45 12,148 a------- c:\docume~1\alluse~1\applic~1\ykofo.pif
2009-08-23 16:45 11,077 a------- c:\windows\odakixanes.bin
2009-08-23 16:45 10,890 a------- c:\program files\common files\ujuxebys.reg
2009-08-23 16:45 10,725 a------- c:\program files\common files\timylufu.vbs
2009-08-23 16:44 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 16:44 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 16:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-23 14:30 18,469 a------- c:\docume~1\alluse~1\applic~1\ezyxuqaf.pif
2009-08-23 14:30 17,346 a------- c:\program files\common files\fixuwupe.dll
2009-08-23 14:30 16,156 a------- c:\program files\common files\afew.bin
2009-08-23 14:30 16,141 a------- c:\docume~1\owner\applic~1\hocog.vbs
2009-08-23 14:30 15,317 a------- c:\docume~1\owner\applic~1\ecusan.bat
2009-08-23 14:30 12,279 a------- c:\program files\common files\zyjukif.sys
2009-08-23 14:30 11,111 a------- c:\docume~1\alluse~1\applic~1\manu.vbs
2009-08-23 14:30 10,657 a------- c:\docume~1\alluse~1\applic~1\kewabe.exe
2009-08-23 14:29 4 a------- c:\windows\system32\bincd32.dat
2009-08-23 14:25 348,314 a------- c:\windows\system32\_scui.cpl
2009-08-23 14:25 36 a------- c:\windows\system32\sysnet.dat
2009-08-23 14:25 488,960 a------- c:\windows\system32\dddesot.dll
2009-08-23 14:25 390,144 a------- c:\windows\system32\desot.exe
2009-08-23 14:25 64 a------- c:\windows\ppp4.dat
2009-08-23 14:25 34 a------- c:\windows\system32\sonhelp.htm
2009-08-23 14:25 9 a------- c:\windows\system32\bennuar.old
2009-08-23 14:25 2 a------- c:\windows\ppp3.dat
2009-08-23 13:53 12,288 a------- c:\windows\braviax.exe
2009-08-23 13:21 197 a------- c:\windows\system32\MRT.INI
2009-08-23 13:13 6,144 a------- c:\windows\cru629.dat
2009-08-12 07:06 <DIR> --d----- C:\fcb3f0b2332d34879e9817bacb
2009-08-12 07:01 6,144 a------- c:\windows\system32\cru629.dat
2009-08-11 23:02 45,344 a------- c:\windows\system32\drivers\jegdc42.sys
2009-08-11 23:02 28,160 a---h--- c:\windows\system32\logon.exe
2009-08-11 21:17 3,664 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-08-11 21:16 4,784 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-11 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-08-11 21:12 <DIR> --d----- c:\program files\common files\iS3
2009-08-11 21:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-08-11 20:58 <DIR> --d----- c:\program files\Enigma Software Group
2009-08-11 20:38 192,203 a------- c:\windows\system32\wisdstr.exe
2009-08-11 17:23 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-08-11 17:23 <DIR> --d----- C:\1cc5cbacf32b470d58cf7b7987
2009-08-11 10:37 19,433 a------- c:\docume~1\owner\applic~1\egycyqi.exe
2009-08-11 10:37 14,303 a------- c:\docume~1\owner\applic~1\ydoqapypov.reg
2009-08-11 10:37 11,605 a------- c:\docume~1\owner\applic~1\pemo.pif
2009-08-11 10:37 10,306 a------- c:\program files\common files\jymi.com
2009-08-11 10:37 19,551 a------- c:\docume~1\owner\applic~1\unywyvo.bat
2009-08-11 10:37 19,067 a------- c:\docume~1\owner\applic~1\ziniduw.exe
2009-08-11 10:37 16,923 a------- c:\docume~1\owner\applic~1\cateculi.exe
2009-08-11 10:37 15,225 a------- c:\program files\common files\banujuko.bin
2009-08-11 10:37 14,369 a------- c:\program files\common files\yzysygehef.vbs
2009-08-11 06:20 18,567 a------- c:\windows\duwa._sy
2009-08-11 06:20 16,846 a------- c:\docume~1\alluse~1\applic~1\ajucofymi.vbs
2009-08-11 06:20 15,462 a------- c:\docume~1\alluse~1\applic~1\syzacov.com
2009-08-11 06:20 15,200 a------- c:\windows\ywuzixa.lib
2009-08-11 06:20 14,067 a------- c:\windows\system32\wozo.lib
2009-08-11 06:20 13,845 a------- c:\windows\ifofu._sy
2009-08-11 06:20 13,453 a------- c:\windows\ujusezabi._dl
2009-08-11 06:20 13,189 a------- c:\windows\agupytazox.vbs
2009-08-11 06:20 12,273 a------- c:\docume~1\owner\applic~1\ucokabojah.sys
2009-08-11 06:20 11,178 a------- c:\docume~1\owner\applic~1\ujavu.scr
2009-08-11 06:20 10,667 a------- c:\program files\common files\elekycebyv.sys
2009-08-11 06:20 10,059 a------- c:\docume~1\alluse~1\applic~1\woco.dat
2009-08-11 05:47 19,806 a------- c:\windows\system32\izuq.reg
2009-08-11 05:47 19,272 a------- c:\windows\johihe._dl
2009-08-11 05:47 18,453 a------- c:\windows\system32\yqylefu.vbs
2009-08-11 05:47 18,381 a------- c:\docume~1\owner\applic~1\ynolitomi.exe
2009-08-11 05:47 17,908 a------- c:\windows\system32\agogyca.bin
2009-08-11 05:47 17,362 a------- c:\windows\ividivof.exe
2009-08-11 05:47 15,344 a------- c:\program files\common files\pigirib.bat
2009-08-11 05:47 15,251 a------- c:\windows\ogebeduj.bat
2009-08-11 05:47 13,820 a------- c:\windows\system32\lyfyvaku.pif
2009-08-11 05:47 13,766 a------- c:\windows\uhac.dl
2009-08-11 05:47 13,079 a------- c:\windows\mubyxiqib.sys
2009-08-11 05:47 12,451 a------- c:\docume~1\alluse~1\applic~1\novaf.com
2009-08-11 05:47 12,256 a------- c:\windows\system32\fota.bat
2009-08-11 05:21 17,950 a------- c:\windows\system32\oduwitaqyr.vbs
2009-08-11 05:21 17,945 a------- c:\docume~1\alluse~1\applic~1\egupymu.bin
2009-08-11 05:21 17,560 a------- c:\windows\system32\zifusew.db
2009-08-11 05:21 17,141 a------- c:\docume~1\alluse~1\applic~1\lexyxeg.scr
2009-08-11 05:21 16,830 a------- c:\windows\system32\unuzuzodi._sy
2009-08-11 05:21 16,408 a------- c:\windows\xytu.sys
2009-08-11 05:21 16,223 a------- c:\windows\fobyzygupi.bin
2009-08-11 05:21 14,538 a------- c:\windows\fepusyky.dl
2009-08-11 05:21 13,707 a------- c:\windows\sity.vbs
2009-08-11 05:21 13,676 a------- c:\windows\uxedeh.dat
2009-08-11 05:21 11,813 a------- c:\windows\penaxaviw.dll
2009-08-11 05:21 11,240 a------- c:\windows\system32\zote.lib
2009-08-11 05:21 10,621 a------- c:\windows\ynomas.reg
2009-08-10 23:48 30,208 ac------ c:\windows\system32\dllcache\figaro.sys
2009-08-10 22:58 <DIR> --d----- c:\docume~1\owner\applic~1\Logs
2009-08-10 22:51 164,764 a------- c:\windows\system32\net.net

==================== Find3M ====================

2009-08-23 18:34 13,530 a------- c:\program files\common files\nuwylod.db
2009-08-23 16:45 18,689 a------- c:\program files\common files\ewodaw.inf
2009-08-23 14:30 19,196 a------- c:\windows\ahax.scr
2009-08-23 14:30 18,333 a------- c:\windows\usaqolun.bat
2009-08-23 14:30 14,637 a------- c:\windows\yvalucy.vbs
2009-08-23 14:30 12,413 a------- c:\windows\fenyhyno.dll
2009-08-23 14:30 12,386 a------- c:\windows\arozy.com
2009-08-23 14:30 10,905 a------- c:\windows\gifu.sys
2009-08-23 14:30 10,580 a------- c:\windows\qatukeh.reg
2009-08-11 10:37 19,626 a------- c:\windows\system32\ylapujak.scr
2009-08-11 10:37 19,554 a------- c:\windows\system32\zuciky.com
2009-08-11 10:37 18,803 a------- c:\program files\common files\egycehiha._dl
2009-08-11 10:37 18,218 a------- c:\windows\system32\sibata.bin
2009-08-11 10:37 16,087 a------- c:\windows\system32\dimijoxumo.reg
2009-08-11 10:37 15,546 a------- c:\windows\system32\exomat.exe
2009-08-11 10:37 11,811 a------- c:\windows\bebezybuvy.scr
2009-08-11 10:37 19,308 a------- c:\windows\gemisu.exe
2009-08-11 10:37 19,105 a------- c:\windows\cesu.dat
2009-08-11 10:37 15,345 a------- c:\windows\system32\vihu.reg
2009-08-11 05:47 17,732 a------- c:\program files\common files\unonojagyc.inf
2009-08-11 05:47 14,823 a------- c:\program files\common files\tosixope.inf
2009-08-11 05:47 10,092 a------- c:\program files\common files\qonysacot._sy
2009-08-11 05:21 18,723 a------- c:\program files\common files\valo.inf
2009-08-10 23:48 30,208 a------- c:\windows\system32\drivers\beep.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 15:48 219,664 a------- c:\windows\system32\klogon.dll
2009-07-03 15:45 27,507 a------- c:\windows\system32\drivers\klopp.dat
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

============= FINISH: 9:45:02.00 ===============

Attached Files
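
The DDS report above already carries the signals a responder keys on: a Winlogon Shell value that names a second program after Explorer.exe, a Userinit value with an extra executable appended after userinit.exe, services whose driver file DDS could not read (the `[?]` marker, one of them with a doubled `\SystemRoot` prefix), and freshly created files with extensions no Windows component uses. The Python below is an added example for this page, not a tool used in the thread; its sample input is constructed by copying a dozen lines from the report, and the line shapes it parses (`mWinlogon:`, `mRun:`, `R0/S1 name;display;path`, `date time size attrs path`) are assumed from that report alone.

```python
"""Triage checks over a DDS-style log (added example, not from the thread).

The line formats below are assumed from the report posted above; the
sample is constructed by copying a few of its lines verbatim.
"""
import re

SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [braviax] braviax.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-23 130936]
S0 jegdc42;jegdc42;\SystemRoot\\SystemRoot\System32\drivers\jegdc42.sys --> \SystemRoot\\SystemRoot\System32\drivers\jegdc42.sys [?]
S1 424d211b.sys;424d211b.sys;\??\c:\windows\system32\drivers\424d211b.sys --> c:\windows\system32\drivers\424d211b.sys [?]
2009-08-23 18:24 13,215 a------- c:\windows\system32\kebopadiha._dl
2009-08-23 16:45 14,654 a------- c:\windows\system32\apukig._sy
2009-08-23 18:41 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
"""

WINLOGON_RE = re.compile(r"^[um]Winlogon: (Shell|Userinit)=(.*)$")
RUN_RE = re.compile(r"^[um]Run: \[([^\]]+)\] (.*)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d [\d,]+ \S+ (?P<path>.*)$")
# Extensions no Windows component ships with; several appear in the report.
ODD_EXTENSIONS = ("._dl", "._sy", ".dl")


def check_winlogon(key, value):
    """Shell must be exactly Explorer.exe; Userinit must name only userinit.exe."""
    if key == "Shell":
        extra = [t for t in value.split() if t.lower() != "explorer.exe"]
        if extra:
            return [("winlogon-shell", value,
                     "extra shell program(s): " + " ".join(extra))]
        return []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extra = [e for e in entries
             if not e.lower().endswith(r"\system32\userinit.exe")]
    if extra:
        return [("winlogon-userinit", value,
                 "extra Userinit program(s): " + ", ".join(extra))]
    return []


def check_run(name, command):
    """A bare file name in a Run value is resolved through the search path."""
    exe = command.strip().strip('"')
    if "\\" not in exe and ":" not in exe:
        return [("run-bare-name", f"[{name}] {command}",
                 "no directory given; confirm which file actually runs")]
    return []


def check_service(name, path_field):
    """DDS writes 'path --> path [?]' when it could not read the driver file."""
    findings = []
    if path_field.endswith("[?]"):
        findings.append(("service-unverified", name,
                         "driver file could not be read by the scanner"))
    if "\\SystemRoot\\\\SystemRoot" in path_field:
        findings.append(("service-bad-imagepath", name,
                         "doubled \\SystemRoot prefix in ImagePath"))
    return findings


def check_file(path):
    """Flag newly created files whose extension is not a normal Windows one."""
    if path.lower().endswith(ODD_EXTENSIONS):
        return [("file-odd-extension", path,
                 "extension is not used by any Windows component")]
    return []


def triage(log_text):
    """Return (kind, subject, reason) tuples in the order the lines appear."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := WINLOGON_RE.match(line):
            findings += check_winlogon(m.group(1), m.group(2))
        elif m := RUN_RE.match(line):
            findings += check_run(m.group(1), m.group(2))
        elif m := SERVICE_RE.match(line):
            findings += check_service(m.group("name"), m.group("path"))
        elif m := FILE_RE.match(line):
            findings += check_file(m.group("path"))
    return findings


if __name__ == "__main__":
    for kind, subject, why in triage(SAMPLE_LOG):
        print(f"{kind:22} {subject}\n{'':22} {why}")
```

On a clean XP install Shell is exactly `Explorer.exe` and Userinit is exactly the system32 `userinit.exe` path followed by a comma, so anything else in those two values deserves attention before any other finding; both are consulted at every logon, which is why a removal attempt that only deletes files leaves the machine unbootable or re-infected. The bare-name Run check is deliberately the weakest signal: OEM entries such as SoundMan use the same form, so treat it as a prompt to confirm which file on the search path actually runs rather than as a verdict.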




#2 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 25 August 2009 - 06:23 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 26 August 2009 - 07:47 AM

The computer won't restart in Safe Mode. Should I still run SDFix?

Thanks

Bill

#4 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 26 August 2009 - 11:03 AM

No, let's go a different way.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 26 August 2009 - 01:57 PM

OK. I downloaded ComboFix from the first website and transferred it to the desktop of the computer that is infected with PC Antispyware. I can't go to the website on that computer; it keeps redirecting me to other sites. When I started ComboFix on the computer it said I have AVG antivirus running. I thought I had uninstalled that from the computer. Anyway, ComboFix started and said that I need to go to another website to download another version, so I stopped ComboFix and downloaded the version from the 2nd link on this page. I will try to find out how to disable AVG when I get back later, unless you can tell me how to do that; it doesn't appear in the system tray down at the bottom.

Thanks again for all your help

#6 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 26 August 2009 - 06:46 PM

If it's just AVG, go ahead and run ComboFix. AVG doesn't seem to conflict with ComboFix, so it should be fine.

#7 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 26 August 2009 - 08:37 PM

OK. I ran ComboFix. It will get all the way to the Windows Recovery Console. Then I get "Failed to download required files. Shall continue to scan for malware." Shortly after that I get an error that says "PEV.EXE - Corrupt File: The file or directory C:/PROGRAM FILES/COMMON FILES/ADOBE/AMT20 is corrupt. Please run the Chkdsk utility." Then shortly after that the computer restarts by itself.

ComboFix doesn't have time to finish scanning.


Thanks again for your help

Bill

#8 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 27 August 2009 - 09:14 AM

Did you run chkdsk yet? If not, go ahead and do that.
Also check to see if a log was created for ComboFix here: C:\combofix.txt

#9 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 27 August 2009 - 10:59 AM

Yes. I ran CHKDSK; it said "cannot open volume for direct access". I did not get a ComboFix log. What now?

#10 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 27 August 2009 - 11:05 AM

Delete ComboFix.exe from the infected computer.

Download it again (move it over from a clean computer if you need to), but this time save it to your desktop as svchost.exe
Then run it and let me know what happens.

#11 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 27 August 2009 - 01:51 PM

I ran it again like you said. It will run to a point where it says "ComboFix is uninstalled", then stops and removes itself from the desktop...


Thanks again

Bill

#12 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 27 August 2009 - 03:22 PM

Please post a new log from RootRepeal.

#13 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 28 August 2009 - 04:44 AM

Here are the files that you asked for. Hope this will help. Before it crashed I got an error message that said "Attempt to read from address: 0x453000b". This was all I got from RootRepeal.


Thanks again

Bill

Attached Files



#14 Buckeye_Sam, Malware Expert (Members, 17,382 posts, Pickerington, Ohio)

Posted 28 August 2009 - 10:12 AM

Please download this file to your desktop and run it.
http://ad13.geekstogo.com/Win32kDiag.exe

Please post the resulting log in your next reply.

#15 Jet Boat Capt, Topic Starter (Members, 25 posts)

Posted 28 August 2009 - 10:59 AM

Did that; here is what I got:

Log file is located: C:/Documents and Settings/Owner/Desktop/Win32Diag.txt
Warning: Could not get backup privileges!

Cannot access: C:/Windows/Installer/385.msi
[1] 2009-07-21 12:01:39 3228160 C:/Windows/Installer/383d5.msi ()

Cannot access: C:/Windows/system32/drivers/jegdc42.sys
[1] 2009-08-12 06:44:39 45344 C:/WINDOWS/system32/drivers/jegdc42.sys ()

Finished. Press any key to exit...


Also got an error message that said:

Win32diag.exe - Corrupt File
The file or directory C:/WINDOWS/Installer/385d5.msi is corrupt and unreadable. Please run the Chkdsk utility.

I ran the chkdsk utility; it is the same as before, "cannot open volume for direct access".


Thanks Again

Bill



