
Infected with XP Defender


  • This topic is locked
3 replies to this topic

#1 bobby_compy

bobby_compy

  • Members
  • 1 posts
  • OFFLINE
  • Local time:01:31 AM

Posted 03 April 2010 - 10:03 PM

My computer seems to have been infected with XP Defender and another virus called ave.exe.

I am unable to run the gmer.exe file - when I try to run this file, the computer says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Unfortunately I cannot run gmer.exe or post its output.

I cannot run every software program installed on my computer. I cannot use any functions within my Photoshop program anymore - and when I try to use basic programs - such as MS Paint, the Control Panel or other basic utilities - they will not open and give the same error message as described above for gmer.exe

Finally I cannot access the Windows Firewall because when I try to do so XP Defender pops up pretending to be the firewall.

I am unable to determine whether my AVG Anti-Virus (free version) is working or not - but it keeps popping up with a message that there is a threat from something called ave.exe
AVG says that ave.exe is stored in C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe

I got this virus after I tried downloading a software program from thepiratebay.org

It seems to be getting worse and worse and I don't know what to do. Any help is appreciated.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:45:09.30 on Sat 04/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.705 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Collages.net Inc\Collages.net Desktop\CollagesService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LMabcoms.exe
D:\Program Files\Blaze Media Pro\NMSAccess32.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe
c:\Program Files\Intuit\QuickBooks 2010\qbhelp.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
D:\Program Files\BitTorrent\BitTorrent.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Owner\My Documents\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - d:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm .exe"
uRun: [CollagesSystray] c:\program files\collages.net inc\collages.net desktop\CollagesSysTray.exe
uRun: [LMab1err] c:\program files\lexmark\errorapp\LMab1err.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [BDMCon] "d:\program files\softwin\bitdefender10\bdmcon.exe" /reg
mRun: [BDAgent] "d:\program files\softwin\bitdefender10\bdagent.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
dRun: [CollagesSystray] c:\program files\collages.net inc\collages.net desktop\CollagesSysTray.exe
dRunOnce: [VF0540Inst] RunDll32.exe c:\windows\system32\V0540Pin.dll,RunDLL32EP 515
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://d:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219439411873
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: r_line - r_line.dll
AppInit_DLLs: app_dll.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\i1p390e0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\i1p390e0.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: d:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: d:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: d:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: d:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: d:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - plugin: d:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-20 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-20 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2009-8-20 908056]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-20 297752]
R2 Collages Service;Collages Service;c:\program files\collages.net inc\collages.net desktop\CollagesService.exe [2008-7-1 45056]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-7-6 31616]
S2 gupdate1ca196d5b80da42;Google Update Service (gupdate1ca196d5b80da42);c:\program files\google\update\GoogleUpdate.exe [2009-8-9 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2008-8-22 20160]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-6 145952]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-1 29744]
S3 guardian;guardian;c:\windows\system32\drivers\oz773.sys [2004-8-2 67648]
S3 V0540Afx;Creative Camera VF0540 Audio Effects Driver;c:\windows\system32\drivers\V0540Afx.sys [2009-7-6 160256]
S3 V0540Dev;Creative Camera VF0540 Driver;c:\windows\system32\drivers\V0540Vid.sys [2009-7-6 272512]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-02 18:44:35 0 d-----w- C:\Mark Invoices To Be Printed 7
2010-04-02 12:55:06 380928 ----a-w- c:\windows\system32\lexlog.dll
2010-04-02 12:54:58 0 d-----w- c:\program files\Lexmark_HostCD
2010-04-02 12:54:48 540672 ----a-w- c:\windows\system32\softcoin.dll
2010-04-02 12:54:47 360448 ----a-w- c:\windows\system32\gencoin.dll
2010-04-02 12:54:17 0 d-----w- c:\program files\Lexmark
2010-03-30 23:02:22 19 ----a-w- c:\documents and settings\owner\residential.csv
2010-03-30 14:03:23 0 d-----w- c:\documents and settings\owner\.idlerc
2010-03-30 13:27:02 0 d-----w- c:\documents and settings\owner\.jedit
2010-03-30 13:19:48 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-03-30 13:18:05 0 d-----w- C:\strawberry
2010-03-29 18:35:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-29 08:01:54 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-29 03:06:18 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caceeccd18af92.mof
2010-03-28 15:57:14 0 d--h--w- c:\windows\system32\GroupPolicy
2010-03-28 15:51:22 0 d-----w- c:\docume~1\owner\applic~1\ElevatedDiagnostics
2010-03-28 15:42:52 0 d-----w- c:\program files\Microsoft ATS
2010-03-28 04:26:34 93696 ----a-w- c:\windows\system32\app_dll.dll.370218.old
2010-03-28 04:26:34 93696 ----a-w- c:\windows\system32\app_dll.dll
2010-03-27 22:11:43 0 d-----w- c:\docume~1\owner\applic~1\MOVAVI
2010-03-27 18:23:32 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{784E3329-1B2A-421E-9427-596088B766F6}
2010-03-27 17:23:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Keronsoft
2010-03-27 16:37:32 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2010-03-27 16:34:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2010-03-27 16:32:16 95 ----a-w- c:\windows\QBChanUtil_Trigger.ini
2010-03-27 16:05:21 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-27 08:03:30 219 ----a-w- c:\windows\system32\MRT.INI
2010-03-27 08:00:44 31648712 ----a-w- c:\windows\system32\mrt .exe
2010-03-27 01:21:03 696832 ----a-w- c:\windows\is-2K4IN.exe
2010-03-27 01:21:03 399 ----a-w- c:\windows\is-2K4IN.lst
2010-03-27 01:21:03 10498 ----a-w- c:\windows\is-2K4IN.msg
2010-03-27 01:11:23 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-27 00:48:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-03-27 00:45:31 0 d-----w- c:\program files\lg_fwupdate
2010-03-21 16:28:42 0 d-----w- c:\program files\Intuit
2010-03-21 16:28:42 0 d-----w- c:\program files\common files\Intuit
2010-03-21 16:28:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-03-21 16:28:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11
2010-03-21 16:28:08 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES
2010-03-21 16:26:32 0 d-----w- c:\windows\Intuit
2010-03-21 16:22:29 0 d-----w- c:\docume~1\owner\applic~1\OpenOffice.org
2010-03-21 15:50:00 0 d-----w- c:\program files\OpenOffice.org 3
2010-03-20 02:52:08 2145280 ----a-w- c:\windows\system32\python26.dll

==================== Find3M ====================

2010-04-02 14:25:19 81984 ----a-w- c:\windows\system32\bdod.bin
2010-03-27 04:47:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-07-03 02:51:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-03 02:51:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-03 02:51:01 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:50:06.41 ===============

Edited by bobby_compy, 03 April 2010 - 10:05 PM.
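The DDS log above carries the indicators a malware responder would key on first: the `.exe=secfile` file association (which is why gmer.exe, Paint and the Control Panel all fail with a permissions error), `AppInit_DLLs: app_dll.dll`, the `DisableRegistryTools = 1` policies, the unfamiliar Winlogon package `Notify: r_line - r_line.dll`, and a Hosts entry sending a security site to 127.0.0.1. The script below is an added triage example, not part of the original post and not code from the DDS tool or BleepingComputer; it parses lines in DDS's output format and flags those indicator classes. The sample log is constructed and modelled on the post (the `ave.exe` run entry is constructed, not taken from the log), and the Winlogon Notify allowlist is a hypothetical one for this example.

```python
"""Triage DDS-style log lines for rogue-AV persistence and lockout indicators.

Added example: parses the line formats DDS emits (uRun/mRun, Policies, Notify,
AppInit_DLLs, Hosts, File Associations) and returns a list of findings.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    category: str  # indicator class
    line: str      # the log line that triggered it


# Constructed sample modelled on the posted DDS log; the [ave] run entry is
# constructed for illustration and does not appear in the original log.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ave] c:\documents and settings\owner\local settings\application data\ave.exe
mRun: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
Notify: AtiExtEvent - Ati2evxx.dll
Notify: r_line - r_line.dll
AppInit_DLLs: app_dll.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.exe=secfile
"""

# Hypothetical allowlist (constructed for this example) of Winlogon notification
# packages expected on this machine; anything else is flagged for review.
KNOWN_NOTIFY_DLLS = {"ati2evxx.dll", "avgrsstx.dll"}

# Directories a legitimate startup entry should not normally run from.
SUSPECT_RUN_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
POLICY_RE = re.compile(r"^[umd]Policies-system:\s*(?P<key>\w+)\s*=\s*(?P<val>\d+)", re.I)
NOTIFY_RE = re.compile(r"^Notify:\s*(?P<name>\S+)\s*-\s*(?P<dll>\S+)", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>\S.*)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)", re.I)
ASSOC_RE = re.compile(r"^\.exe=(?P<handler>\S+)", re.I)
LOCKOUT_POLICIES = {"disableregistrytools", "disabletaskmgr"}


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches an indicator class."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ASSOC_RE.match(line)
        if m and m.group("handler").lower() != "exefile":
            # On a stock Windows XP install .exe maps to "exefile"; anything
            # else means every program launch is routed through the hijacker.
            findings.append(Finding("exe-association-hijack", line))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is normally empty; a DLL here loads into every
            # process that links user32.dll.
            findings.append(Finding("appinit-dll", line))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("key").lower() in LOCKOUT_POLICIES and m.group("val") != "0":
            findings.append(Finding("tool-lockout-policy", line))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("dll").lower() not in KNOWN_NOTIFY_DLLS:
            findings.append(Finding("unknown-winlogon-notify", line))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group("ip") in {"127.0.0.1", "0.0.0.0"} and m.group("host").lower() != "localhost":
            # Loopback entries for real hostnames sinkhole security/update sites.
            findings.append(Finding("hosts-sinkhole", line))
            continue
        m = RUN_RE.match(line)
        if m and any(d in m.group("cmd").lower() for d in SUSPECT_RUN_DIRS):
            findings.append(Finding("run-from-profile-data-dir", line))
    return findings


def categories(log_text: str) -> List[str]:
    """Distinct indicator classes present in the log, sorted for reporting."""
    return sorted({f.category for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.line}")
```

On the constructed sample, `triage(SAMPLE_LOG)` returns seven findings across six classes. The association and AppInit checks are near-deterministic on XP (`.exe` should map to `exefile` and `AppInit_DLLs` should be empty); the Winlogon Notify check depends on an allowlist that has to be maintained per environment, which is why it is a "review" class rather than a verdict.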


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:31 AM

Posted 05 April 2010 - 06:30 PM

Hello.

A few things we need to do here. One of them includes fixing your .exe file association.

Were you able to run GMER at all? Please refer to this page, Step #8, for further instructions on downloading and running GMER. If it doesn't work, let me know.
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:31 AM

Posted 09 April 2010 - 09:06 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:31 AM

Posted 18 April 2010 - 01:52 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy