SMART VIRUS


  • This topic is locked
50 replies to this topic

#1 teachersstop

  • Members
  • 35 posts

Posted 03 November 2009 - 05:12 PM

Pasting in additional information from another topic. ~ OB

The Internet Explorer on my computer will not open up. I double click and nothing opens up. The hour glass comes up and goes away instantly. This problem began this past Thursday, then on Saturday the computer worked fine and I was able to get on the internet, then on Sunday the problem began again and has not gone away. Besides Internet Explorer not opening, any other program that connects to the internet does not open, such as QuickBooks and Microsoft Outlook.

I contacted AT&T thinking it was a connection problem and we restarted the modem and the computer. After they ran their test they found nothing wrong with the internet connection. I deleted all browsing history and even did a disk cleanup as well but it did not fix the problem. I downloaded Firefox from a different computer onto a flash drive and attempted to install it on my computer and it would not let me open the program either. The same thing would happen, the hour glass would appear and disappear quickly and the program would not open.

Can anyone help me figure this out and fix my computer? IT IS VERY IMPORTANT. Thank you for your help.

After playing with it more, I thought I would add that it won't let me restart in safe mode and it also won't let me add an antivirus program. I copied the AVG antivirus program from a flash drive and it won't let me run the program. It won't let me run any programs really other than Excel or Word. No system restore, no AVG, no Internet Explorer, no safe mode.

End of added information. ~ OB

Hi

These are my computer issues:

Computer will not allow me to open IE, QuickBooks, Microsoft Outlook, or AVG
Cannot turn computer on under safe mode
There are no warning signs and no pop-ups

I was able to copy the HijackThis program under a different name and I stored it under My Documents. It allowed me to run it and this is the log it gave me.

What can I do now???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:32 PM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner.YOUR-93B4A62EC5\My Documents\Corona High Panthers.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.erdealer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ATT-SST_UninstallTracking] C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wubafayus] Rundll32.exe "c:\windows\system32\neyuvena.dll",a
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - AppInit_DLLs: tifileze.dll homefebe.dll c:\windows\system32\papororo.dll c:\windows\system32\yejenujo.dll c:\windows\system32\neyuvena.dll
O21 - SSODL: jutohapef - {357951a8-20fc-45a4-b27d-5da6157feee1} - c:\windows\system32\nuvanifi.dll (file missing)
O21 - SSODL: rebitawov - {e08259aa-91a9-4df8-83e5-ab5764e4b614} - c:\windows\system32\nuvanifi.dll (file missing)
O21 - SSODL: mepizasah - {97d439c0-4024-48b6-b915-d752ececfaff} - c:\windows\system32\nuvanifi.dll (file missing)
O21 - SSODL: donebozij - {e250b515-abb1-4e89-8b4b-4c6f19ef468c} - c:\windows\system32\nuvanifi.dll (file missing)
O21 - SSODL: zimohujey - {11c66704-613b-41b8-993c-25947ce67148} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: gihogatip - {65979c73-b84a-41b4-aff7-f879103134da} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: gevesomeb - {7585212f-65ee-4751-8e8d-96026b0eeace} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: miwoviman - {10e2990d-7e75-45fa-8178-6f4fd708a736} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: sifayemip - {a67992a2-f8f7-44b9-bb57-e761d319122a} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: rerupobey - {a4e51b49-068b-40d6-b5c8-55c76056d8a6} - c:\windows\system32\neyuvena.dll
O21 - SSODL: yuvujefud - {12a71401-e4df-41c2-8f27-c338fe051427} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: retudohit - {1d891a36-e95f-452c-a41a-ee66c9769095} - c:\windows\system32\negokofi.dll (file missing)
O21 - SSODL: fusozorut - {3287c1b3-652f-4204-a641-dca7171f5f55} - c:\windows\system32\neyuvena.dll
O21 - SSODL: nezunupek - {9ec5da8a-8dca-4014-91ce-01259bf9e916} - c:\windows\system32\neyuvena.dll
O21 - SSODL: vusojujih - {88ff3210-eab5-49ae-8a71-cc24fedf0cee} - c:\windows\system32\neyuvena.dll
O21 - SSODL: puyenifeb - {d1adcfe5-7a5d-4827-ae6e-40a8497129d0} - c:\windows\system32\neyuvena.dll
O21 - SSODL: yazowazor - {e2649364-6808-4fd6-b68a-474b8912b56b} - c:\windows\system32\neyuvena.dll
O21 - SSODL: botusalel - {067f71eb-a2f3-4ac3-b48b-78af357c4181} - c:\windows\system32\neyuvena.dll
O21 - SSODL: hilugubav - {3f3bdb1c-91a5-4f7d-a8f6-c79563bc6b88} - c:\windows\system32\neyuvena.dll
O21 - SSODL: boruyihin - {c9c36c5d-61b7-4883-8735-65863ccdc5c4} - c:\windows\system32\neyuvena.dll
O21 - SSODL: wuzutanos - {55ba109b-6ca8-4e95-9f15-926a98edab06} - c:\windows\system32\neyuvena.dll
O21 - SSODL: sodewifez - {64047a2f-8ef3-43ec-a796-596705709c35} - c:\windows\system32\neyuvena.dll
O21 - SSODL: jokapovud - {d4971956-ace3-4f4d-b157-797aa9294f68} - c:\windows\system32\neyuvena.dll
O21 - SSODL: sigukajum - {669dc20e-13b5-4318-98c9-a55394799b88} - c:\windows\system32\neyuvena.dll
O21 - SSODL: mabifowus - {94ce5a1d-6874-4f1a-b33b-13bcdfcb1e16} - c:\windows\system32\neyuvena.dll
O21 - SSODL: jolosifar - {8de0b259-624a-45a7-a634-a3737d40ec9f} - c:\windows\system32\neyuvena.dll
O21 - SSODL: guhuwofeg - {789acfdc-1808-4442-aec1-3ac49fae9a9d} - c:\windows\system32\neyuvena.dll
O21 - SSODL: wogunawap - {0952ff2c-109f-4081-9211-9d237c10b886} - c:\windows\system32\neyuvena.dll
O21 - SSODL: soyifafis - {fd95e409-6287-4b1e-aedb-15bd23455c9d} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: kupuhivus - {357951a8-20fc-45a4-b27d-5da6157feee1} - c:\windows\system32\nuvanifi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {e08259aa-91a9-4df8-83e5-ab5764e4b614} - c:\windows\system32\nuvanifi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {97d439c0-4024-48b6-b915-d752ececfaff} - c:\windows\system32\nuvanifi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {e250b515-abb1-4e89-8b4b-4c6f19ef468c} - c:\windows\system32\nuvanifi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {11c66704-613b-41b8-993c-25947ce67148} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {65979c73-b84a-41b4-aff7-f879103134da} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {7585212f-65ee-4751-8e8d-96026b0eeace} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {10e2990d-7e75-45fa-8178-6f4fd708a736} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {a67992a2-f8f7-44b9-bb57-e761d319122a} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {10fd641d-80ad-42af-a02e-816f6489073a} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {12a71401-e4df-41c2-8f27-c338fe051427} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {1d891a36-e95f-452c-a41a-ee66c9769095} - c:\windows\system32\negokofi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {3287c1b3-652f-4204-a641-dca7171f5f55} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: mujuzedij - {9ec5da8a-8dca-4014-91ce-01259bf9e916} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: kupuhivus - {88ff3210-eab5-49ae-8a71-cc24fedf0cee} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: kupuhivus - {d1adcfe5-7a5d-4827-ae6e-40a8497129d0} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: tokatiluy - {e2649364-6808-4fd6-b68a-474b8912b56b} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {067f71eb-a2f3-4ac3-b48b-78af357c4181} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: gahurihor - {3f3bdb1c-91a5-4f7d-a8f6-c79563bc6b88} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {c9c36c5d-61b7-4883-8735-65863ccdc5c4} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: mujuzedij - {a4e51b49-068b-40d6-b5c8-55c76056d8a6} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: kupuhivus - {55ba109b-6ca8-4e95-9f15-926a98edab06} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {64047a2f-8ef3-43ec-a796-596705709c35} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {d4971956-ace3-4f4d-b157-797aa9294f68} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: gahurihor - {669dc20e-13b5-4318-98c9-a55394799b88} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: tokatiluy - {94ce5a1d-6874-4f1a-b33b-13bcdfcb1e16} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {8de0b259-624a-45a7-a634-a3737d40ec9f} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: kupuhivus - {789acfdc-1808-4442-aec1-3ac49fae9a9d} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {0952ff2c-109f-4081-9211-9d237c10b886} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: jugezatag - {fd95e409-6287-4b1e-aedb-15bd23455c9d} - c:\windows\system32\neyuvena.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Entitlement Service v3 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client\v3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: QBPOS Database Manager v6 (QBPOSDBServiceV6) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 6.0\DatabaseServer\QBPOSDBServiceV6.exe

--
End of file - 13434 bytes

Edited by Orange Blossom, 03 November 2009 - 07:39 PM.
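An added illustration, not part of the original thread and not something either poster wrote: a small Python triage pass over a HijackThis log that groups the O4 rundll32, O20 AppInit_DLLs, O21 SSODL and O22 SharedTaskScheduler entries by the DLL they load, so a DLL registered at several autostart points stands out. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path handling on any platform

# A few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wubafayus] Rundll32.exe "c:\windows\system32\neyuvena.dll",a
O20 - AppInit_DLLs: tifileze.dll homefebe.dll c:\windows\system32\papororo.dll c:\windows\system32\yejenujo.dll c:\windows\system32\neyuvena.dll
O21 - SSODL: jutohapef - {357951a8-20fc-45a4-b27d-5da6157feee1} - c:\windows\system32\nuvanifi.dll (file missing)
O21 - SSODL: rerupobey - {a4e51b49-068b-40d6-b5c8-55c76056d8a6} - c:\windows\system32\neyuvena.dll
O22 - SharedTaskScheduler: kupuhivus - {357951a8-20fc-45a4-b27d-5da6157feee1} - c:\windows\system32\nuvanifi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {a4e51b49-068b-40d6-b5c8-55c76056d8a6} - c:\windows\system32\neyuvena.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^(O4|O20|O21|O22) - (.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
MISSING = "(file missing)"  # HijackThis appends this when the target is not on disk


def dlls_in_entry(section, body):
    """Return the DLL paths that one log entry causes Windows to load."""
    if section == "O4":
        # Run keys / Startup folder: only rundll32 launches name a DLL.
        m = RUNDLL.search(body)
        return [m.group(1)] if m else []
    if section == "O20":
        # O20 covers AppInit_DLLs and Winlogon Notify; only the former is handled.
        if not body.startswith("AppInit_DLLs:"):
            return []
        rest = body.split(":", 1)[1]
        # The value is space- or comma-separated, so a path that itself
        # contains spaces cannot be recovered reliably from the log line.
        return [tok for tok in re.split(r"[\s,]+", rest.strip()) if tok]
    # O21 (SSODL) and O22 (SharedTaskScheduler): "name - {CLSID} - path"
    path = body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()
    return [path] if path.lower().endswith(".dll") else []


def summarize(log_text):
    """Map each DLL file name (lower-cased) to the sections that reference it."""
    summary = defaultdict(lambda: {"sections": set(), "entries": 0, "missing": False})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        for path in dlls_in_entry(section, body):
            rec = summary[basename(path).lower()]
            rec["sections"].add(section)
            rec["entries"] += 1
            rec["missing"] |= MISSING in body
    return dict(summary)


def review_first(log_text, min_sections=2):
    """DLLs registered at several distinct autostart points, most-referenced first."""
    s = summarize(log_text)
    hits = [dll for dll, rec in s.items() if len(rec["sections"]) >= min_sections]
    return sorted(hits, key=lambda dll: (-s[dll]["entries"], dll))


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for dll in review_first(SAMPLE_LOG):
        rec = report[dll]
        note = " (file missing)" if rec["missing"] else ""
        print(f"{dll}: {rec['entries']} entries in {sorted(rec['sections'])}{note}")
```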




#2 thewall

  • Malware Response Team
  • 6,425 posts

Posted 05 November 2009 - 09:26 PM

Hello teachersstop :( Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.


If you can't directly download these onto your computer you can use your flash drive to transfer them over. A note of caution here when using a flash drive. If you do not have autoruns disabled on the clean computer be sure to hold down the shift key as you insert the flash drive into it. This holds true for a CD too.



RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.




When you download the following rename it to something you can remember like teachersstop.com




Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.









Please do not post any logs as an attachment unless asked to do so.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 teachersstop


Posted 07 November 2009 - 03:10 PM

I installed rkill and used all the links. It did not indicate that it ran the program at all. The window opens and closes instantly. Exact same thing happened with all links. Then I downloaded the Malwarebytes onto a flashdrive and renamed it teachersstop.com. I cut and then pasted it onto my computer with the virus and it would not open the program at all. The hourglass opened and went away a couple seconds later.

#4 thewall


Posted 07 November 2009 - 04:45 PM

Try running MBAM directly from the Flash Drive and see if it will work. The rkill program acted like it should.

#5 teachersstop


Posted 07 November 2009 - 05:17 PM

I tried to run it off of my flashdrive but the same thing happened. It did not open at all. I did save it under a different name but it did not seem to matter.

#6 thewall


Posted 07 November 2009 - 05:35 PM

Try renaming it alg.exe and see what happens. Anytime we are using these kinds of names just be sure you know where it is and the filepath that you save it to.

#7 teachersstop


Posted 07 November 2009 - 05:43 PM

Tried it, same thing happened. I tried opening it from the flash drive, didn't work. I tried copying it to desktop didn't work either.

#8 thewall


Posted 07 November 2009 - 05:58 PM

This is one of those that is designed to block everything you do. Have you had anything showing up trying to sell you an antivirus program while all of this has been going on?

Let's see how smart it is. Rename it to the same name you used on HJT and see what happens. Right before you run it try running RKill one more time.

#9 teachersstop


Posted 07 November 2009 - 06:16 PM

Nothing is popping up trying to sell any kind of antivirus. There are no pop-ups at all. I tried renaming it to the same one I used with HJT but it did not work either. I also made sure to run rkill first. You would think there is nothing wrong with the computer because it shows no sign of a virus, but you simply cannot open any programs, especially the ones dealing with the internet. Nor can you install any programs or antivirus software, or do any kind of system restore.

#10 thewall


Posted 07 November 2009 - 06:20 PM

Try running HJT again and since it's been a couple of days if it runs go ahead and post the log.

#11 teachersstop


Posted 07 November 2009 - 06:24 PM

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:59 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\Owner.YOUR-93B4A62EC5\My Documents\Corona High Pantherss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.erdealer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5048
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ATT-SST_UninstallTracking] C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wubafayus] Rundll32.exe "c:\windows\system32\neyuvena.dll",a
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - AppInit_DLLs: tifileze.dll homefebe.dll c:\windows\system32\papororo.dll c:\windows\system32\yejenujo.dll c:\windows\system32\neyuvena.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Entitlement Service v3 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client\v3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: QBPOS Database Manager v6 (QBPOSDBServiceV6) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 6.0\DatabaseServer\QBPOSDBServiceV6.exe

--
End of file - 15342 bytes

#12 thewall

  • Malware Response Team

Posted 07 November 2009 - 06:38 PM

Well there is no doubt you have an infected machine. The trick is to figure out how to get around what is blocking us. I need to study it some and I'll get back with you.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 teachersstop

  • Topic Starter

Posted 07 November 2009 - 06:44 PM

Ok well thanks for your help. Take your time and I'll check back at a later time. Let me know also if it would be easier to do a system recovery and completely wipe out the computer.

Thanks again.

#14 thewall

  • Malware Response Team

Posted 07 November 2009 - 06:48 PM

I figure you probably have things saved that you would rather not lose... is that correct?

#15 teachersstop

  • Topic Starter

Posted 07 November 2009 - 07:47 PM

Well preferably I would not want to erase everything but if there really is no other way to fix it then I'll go ahead and do it.



