Trojan Virus [Closed]


  • This topic is locked

#1 Menace_19st (Member)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:04 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Menace\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Menace\winlogon.exe
O4 - HKLM\..\Run: [Clarikoda] rundll32.exe "C:\WINDOWS\Idofodaqoxoqirac.dll",e
O4 - HKLM\..\Run: [Lxuworucato] rundll32.exe "C:\WINDOWS\igayajasuqeboqut.dll",e
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [707f2bec] rundll32.exe "C:\WINDOWS\system32\dtxmbdeq.dll",b
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PoliceAV] C:\Program Files\XPPoliceAntivirus\xppolice.exe
O4 - HKCU\..\Run: [bstisqm54g3mmyjs82777i35x0mi] C:\DOCUME~1\Menace\LOCALS~1\Temp\dicsyhy4hv9q.exe
O4 - HKCU\..\Run: [a6evfezkj] C:\DOCUME~1\Menace\LOCALS~1\Temp\z7n7mliup.exe
O4 - HKCU\..\Run: [dsczs59laimk36lx20qy4tssbesac8s0vm1ycic5g4e41307z] C:\DOCUME~1\Menace\LOCALS~1\Temp\etewk4.exe
O4 - HKCU\..\Run: [g1sg5s1crjkh64lgl81gb] C:\DOCUME~1\Menace\LOCALS~1\Temp\upkbcaljx.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [x5aim604ff] C:\DOCUME~1\Menace\LOCALS~1\Temp\udld2d.exe
O4 - HKCU\..\Run: [a9b3h986m9fgw4i8tvqi8by9nk4gvqq38jnv7j9m48v] C:\DOCUME~1\Menace\LOCALS~1\Temp\xn3yebgtmjjuy.exe
O4 - HKCU\..\Run: [awva8wn0seji5x16tje5m9ff4c8gr9z1e2gdru] C:\DOCUME~1\Menace\LOCALS~1\Temp\m0jirxrj29.exe
O4 - HKCU\..\Run: [jukagabozb0ufe] C:\DOCUME~1\Menace\LOCALS~1\Temp\drlop23d.exe
O4 - HKCU\..\Run: [pnelwurhbjy94au8s5denjgeq3x8wrnqnn] C:\DOCUME~1\Menace\LOCALS~1\Temp\z7lkre6.exe
O4 - HKCU\..\Run: [dqroduta2bewgatnoybxwdrgrzkybzgbk4a4gakf8cfgt66cxj] C:\DOCUME~1\Menace\LOCALS~1\Temp\a08fgdz3c9d8.exe
O4 - HKCU\..\Run: [w0ul3jyi4tdu3djp5fxgb2vwbw82mu7dj7ytn4ai] C:\DOCUME~1\Menace\LOCALS~1\Temp\zr4s1irfeq2l.exe
O4 - HKCU\..\Run: [czdkse0lvhawy9u2xwgxbh6k0q] C:\DOCUME~1\Menace\LOCALS~1\Temp\u2eg61604cwxf.exe
O4 - HKCU\..\Run: [aiy9bf3310ye7q90fr5qh1iqsq1ejbr4j8isi] C:\DOCUME~1\Menace\LOCALS~1\Temp\nnoyww6u8t0.exe
O4 - HKCU\..\Run: [z54sku7zscr5mlmlrphpodbfvcynzd35naoczlyvp] C:\DOCUME~1\Menace\LOCALS~1\Temp\cluw0m6h.exe
O4 - HKCU\..\Run: [j2i9w5t6fwwqb] C:\DOCUME~1\Menace\LOCALS~1\Temp\pp4l4y.exe
O4 - HKCU\..\Run: [mg1vayv9kq0qavmt21lp81ik7c4ppnsn97s2ug4t8q] C:\DOCUME~1\Menace\LOCALS~1\Temp\hwag7f.exe
O4 - HKCU\..\Run: [lqla79flqlutt23j] C:\DOCUME~1\Menace\LOCALS~1\Temp\ydhjglkj.exe
O4 - HKCU\..\Run: [a8bx2arnv7h9kpnryykcnidb] C:\DOCUME~1\Menace\LOCALS~1\Temp\nce7ypsie.exe
O4 - HKCU\..\Run: [ontjnpiathy4ko0zasrqoutdegotmg2n8022] C:\DOCUME~1\Menace\LOCALS~1\Temp\kxw43r.exe
O4 - HKCU\..\Run: [icpm6mxepgo1nbqj51bdrdug7bg2z95s] C:\DOCUME~1\Menace\LOCALS~1\Temp\xzm9700win.exe
O4 - HKCU\..\Run: [jmmd8oqylhahjprdgrn5rwblnc3tx5] C:\DOCUME~1\Menace\LOCALS~1\Temp\aqie9gv7avu3.exe
O4 - HKCU\..\Run: [lh96enlnof9fat77n3ba5bqpq4w75u7] C:\DOCUME~1\Menace\LOCALS~1\Temp\x2el9sw96cosz.exe
O4 - HKCU\..\Run: [pshhcpssv1bj4hou16a] C:\DOCUME~1\Menace\LOCALS~1\Temp\whpewnr4hozvq.exe
O4 - HKCU\..\Run: [qg7jxe67yf0i1bl0kg61vmhtrggu6h4zs1q5ydfka] C:\DOCUME~1\Menace\LOCALS~1\Temp\mzpdnaq38.exe
O4 - HKCU\..\Run: [ikxdb7ndrr40aqpxzlj7pmu6li083cabr7ctad3] C:\DOCUME~1\Menace\LOCALS~1\Temp\je8jiqyk9znzx.exe
O4 - HKCU\..\Run: [p8tqvoh2utjix5p6sfs0wo5t2kmt4je5qerc68] C:\DOCUME~1\Menace\LOCALS~1\Temp\b2eehyv4jtc1t.exe
O4 - HKCU\..\Run: [dmbcs837hg4upw10gfg2kfnevjh7ng9i1g6nk5f] C:\DOCUME~1\Menace\LOCALS~1\Temp\m4xxn8.exe
O4 - HKCU\..\Run: [j8yr3baur14lvnkz0n2y] C:\DOCUME~1\Menace\LOCALS~1\Temp\gmf3v69p1.exe
O4 - HKCU\..\Run: [e5rg74a7n721qbnurpyqkbx18x63t717mor] C:\DOCUME~1\Menace\LOCALS~1\Temp\kbapygd5w18.exe
O4 - HKCU\..\Run: [zgdsl1u30qmmg3lk30qvveitpf3ya] C:\DOCUME~1\Menace\LOCALS~1\Temp\grg3lmnr87gk.exe
O4 - HKCU\..\Run: [l8alo72to13iqzf6] C:\DOCUME~1\Menace\LOCALS~1\Temp\v8gkfvly5px.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1232663648921
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ylpisn.dll ybncvx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: urqhbske - urQHBSKE.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 11040 bytes

PLEAAASE HEEEEEEEELP ME!!! :)

#2 Menace_19st (Member, Topic Starter)
I posted that HijackThis log with no antivirus on, Windows Updates disabled and also Windows Firewall disabled.

#3 Menace_19st (Member, Topic Starter)
One more thing.... I also get two RunDLL errors and a Data Execution Prevention window on my screen every time I restart my laptop. The two errors and the window appear as follows:

#1 - Error loading C:\WINDOWS\Idofodaqoxoqirac.dll
The specified module could not be found.

#2 - Error loading C:\WINDOWS\system32\dtxmbdeq.dll
The specified module could not be found.

#3 - To help protect your computer, Windows has closed this program
Name: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation

Data Execution Prevention helps protect against damage from viruses and other security threats. What should I do? <-- highlighted in blue as a link

After I close the DEP window I get an "encountered a problem" window stating "svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience." Then it asks me to send an error report.

Hope that helped!

Edited by Menace_19st, 16 February 2009 - 12:25 AM.


#4 handhfan (Trusted Helper)
Hello, Menace_19st, and welcome to GeeksToGo!

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5 Menace_19st (Member, Topic Starter)
Hi, thank you for the reply. Ok, I was not able to download ComboFix right off of my laptop; it said it could not find the webpage due to no connection. I can search Google, just not download. So, like before, I am using my friend's PC, on which I downloaded ComboFix to a flash drive, and I moved it to my laptop manually. I would double click continuous times and I would just get the "working in background" cursor, and then it would just be the regular mouse pointer after a few seconds, but my computer would not execute ComboFix. However, I did run a new HijackThis log with no scripting disabled and the ad blocker disabled also. I disabled my AVG antivirus and my Ad-Aware as well. I also left my internet connection connected while I ran the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:20 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Menace\Desktop\ComboFix.exe
C:\Documents and Settings\Menace\Desktop\ComboFix.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Menace\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Menace\winlogon.exe
O4 - HKLM\..\Run: [Clarikoda] rundll32.exe "C:\WINDOWS\Idofodaqoxoqirac.dll",e
O4 - HKLM\..\Run: [Lxuworucato] rundll32.exe "C:\WINDOWS\igayajasuqeboqut.dll",e
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [707f2bec] rundll32.exe "C:\WINDOWS\system32\dtxmbdeq.dll",b
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PoliceAV] C:\Program Files\XPPoliceAntivirus\xppolice.exe
O4 - HKCU\..\Run: [bstisqm54g3mmyjs82777i35x0mi] C:\DOCUME~1\Menace\LOCALS~1\Temp\dicsyhy4hv9q.exe
O4 - HKCU\..\Run: [a6evfezkj] C:\DOCUME~1\Menace\LOCALS~1\Temp\z7n7mliup.exe
O4 - HKCU\..\Run: [dsczs59laimk36lx20qy4tssbesac8s0vm1ycic5g4e41307z] C:\DOCUME~1\Menace\LOCALS~1\Temp\etewk4.exe
O4 - HKCU\..\Run: [g1sg5s1crjkh64lgl81gb] C:\DOCUME~1\Menace\LOCALS~1\Temp\upkbcaljx.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [x5aim604ff] C:\DOCUME~1\Menace\LOCALS~1\Temp\udld2d.exe
O4 - HKCU\..\Run: [a9b3h986m9fgw4i8tvqi8by9nk4gvqq38jnv7j9m48v] C:\DOCUME~1\Menace\LOCALS~1\Temp\xn3yebgtmjjuy.exe
O4 - HKCU\..\Run: [awva8wn0seji5x16tje5m9ff4c8gr9z1e2gdru] C:\DOCUME~1\Menace\LOCALS~1\Temp\m0jirxrj29.exe
O4 - HKCU\..\Run: [jukagabozb0ufe] C:\DOCUME~1\Menace\LOCALS~1\Temp\drlop23d.exe
O4 - HKCU\..\Run: [pnelwurhbjy94au8s5denjgeq3x8wrnqnn] C:\DOCUME~1\Menace\LOCALS~1\Temp\z7lkre6.exe
O4 - HKCU\..\Run: [dqroduta2bewgatnoybxwdrgrzkybzgbk4a4gakf8cfgt66cxj] C:\DOCUME~1\Menace\LOCALS~1\Temp\a08fgdz3c9d8.exe
O4 - HKCU\..\Run: [w0ul3jyi4tdu3djp5fxgb2vwbw82mu7dj7ytn4ai] C:\DOCUME~1\Menace\LOCALS~1\Temp\zr4s1irfeq2l.exe
O4 - HKCU\..\Run: [czdkse0lvhawy9u2xwgxbh6k0q] C:\DOCUME~1\Menace\LOCALS~1\Temp\u2eg61604cwxf.exe
O4 - HKCU\..\Run: [aiy9bf3310ye7q90fr5qh1iqsq1ejbr4j8isi] C:\DOCUME~1\Menace\LOCALS~1\Temp\nnoyww6u8t0.exe
O4 - HKCU\..\Run: [z54sku7zscr5mlmlrphpodbfvcynzd35naoczlyvp] C:\DOCUME~1\Menace\LOCALS~1\Temp\cluw0m6h.exe
O4 - HKCU\..\Run: [j2i9w5t6fwwqb] C:\DOCUME~1\Menace\LOCALS~1\Temp\pp4l4y.exe
O4 - HKCU\..\Run: [mg1vayv9kq0qavmt21lp81ik7c4ppnsn97s2ug4t8q] C:\DOCUME~1\Menace\LOCALS~1\Temp\hwag7f.exe
O4 - HKCU\..\Run: [lqla79flqlutt23j] C:\DOCUME~1\Menace\LOCALS~1\Temp\ydhjglkj.exe
O4 - HKCU\..\Run: [a8bx2arnv7h9kpnryykcnidb] C:\DOCUME~1\Menace\LOCALS~1\Temp\nce7ypsie.exe
O4 - HKCU\..\Run: [ontjnpiathy4ko0zasrqoutdegotmg2n8022] C:\DOCUME~1\Menace\LOCALS~1\Temp\kxw43r.exe
O4 - HKCU\..\Run: [icpm6mxepgo1nbqj51bdrdug7bg2z95s] C:\DOCUME~1\Menace\LOCALS~1\Temp\xzm9700win.exe
O4 - HKCU\..\Run: [jmmd8oqylhahjprdgrn5rwblnc3tx5] C:\DOCUME~1\Menace\LOCALS~1\Temp\aqie9gv7avu3.exe
O4 - HKCU\..\Run: [lh96enlnof9fat77n3ba5bqpq4w75u7] C:\DOCUME~1\Menace\LOCALS~1\Temp\x2el9sw96cosz.exe
O4 - HKCU\..\Run: [pshhcpssv1bj4hou16a] C:\DOCUME~1\Menace\LOCALS~1\Temp\whpewnr4hozvq.exe
O4 - HKCU\..\Run: [qg7jxe67yf0i1bl0kg61vmhtrggu6h4zs1q5ydfka] C:\DOCUME~1\Menace\LOCALS~1\Temp\mzpdnaq38.exe
O4 - HKCU\..\Run: [ikxdb7ndrr40aqpxzlj7pmu6li083cabr7ctad3] C:\DOCUME~1\Menace\LOCALS~1\Temp\je8jiqyk9znzx.exe
O4 - HKCU\..\Run: [p8tqvoh2utjix5p6sfs0wo5t2kmt4je5qerc68] C:\DOCUME~1\Menace\LOCALS~1\Temp\b2eehyv4jtc1t.exe
O4 - HKCU\..\Run: [dmbcs837hg4upw10gfg2kfnevjh7ng9i1g6nk5f] C:\DOCUME~1\Menace\LOCALS~1\Temp\m4xxn8.exe
O4 - HKCU\..\Run: [j8yr3baur14lvnkz0n2y] C:\DOCUME~1\Menace\LOCALS~1\Temp\gmf3v69p1.exe
O4 - HKCU\..\Run: [e5rg74a7n721qbnurpyqkbx18x63t717mor] C:\DOCUME~1\Menace\LOCALS~1\Temp\kbapygd5w18.exe
O4 - HKCU\..\Run: [zgdsl1u30qmmg3lk30qvveitpf3ya] C:\DOCUME~1\Menace\LOCALS~1\Temp\grg3lmnr87gk.exe
O4 - HKCU\..\Run: [l8alo72to13iqzf6] C:\DOCUME~1\Menace\LOCALS~1\Temp\v8gkfvly5px.exe
O4 - HKCU\..\Run: [nlph61a8sbj] C:\DOCUME~1\Menace\LOCALS~1\Temp\d42h5n87uhjgg.exe
O4 - HKCU\..\Run: [xd5xf0iosoi9phu6ttt77kqrmh4f8] C:\DOCUME~1\Menace\LOCALS~1\Temp\r7z7g7ue.exe
O4 - HKCU\..\Run: [gjqlenprel] C:\DOCUME~1\Menace\LOCALS~1\Temp\rhdrmnbvb9mc.exe
O4 - HKCU\..\Run: [al77pe36xdotenbe2tesvcl3y63rehxuvoqqpt5lh6f4drtg7] C:\DOCUME~1\Menace\LOCALS~1\Temp\ecyyxex.exe
O4 - HKCU\..\Run: [f7qc2dd67h1avxwaksq] C:\DOCUME~1\Menace\LOCALS~1\Temp\yix8axes.exe
O4 - HKCU\..\Run: [kn21vhk6qcwcvu232445azwd49a8me61u7la191ft98] C:\DOCUME~1\Menace\LOCALS~1\Temp\vdl8uy2prll.exe
O4 - HKCU\..\Run: [zqckhhc5oi4v9dwq48kqd6amxxfh79igxmzgfe3s4] C:\DOCUME~1\Menace\LOCALS~1\Temp\sszdwdk2ggpi.exe
O4 - HKCU\..\Run: [dpcqp7qf6w8hxwzd6a2l] C:\DOCUME~1\Menace\LOCALS~1\Temp\znjmsga62l.exe
O4 - HKCU\..\Run: [ckkc0s8sz2i28gtz3su7isifx5abcia2wxqmgb] C:\DOCUME~1\Menace\LOCALS~1\Temp\n91pkk8.exe
O4 - HKCU\..\Run: [vrkyh63c0lrollqewy27p9aokf04ufwiwbyw4s772ix5hp] C:\DOCUME~1\Menace\LOCALS~1\Temp\n8x0t5.exe
O4 - HKCU\..\Run: [eu7o4y1rnwq4pkdqtrdm3x4byfcycv5xbu2asfi4j4] C:\DOCUME~1\Menace\LOCALS~1\Temp\g5o60c7s2v.exe
O4 - HKCU\..\Run: [s7nya0hx2gcy64evmpwx] C:\DOCUME~1\Menace\LOCALS~1\Temp\hm41cuclo5bfx.exe
O4 - HKCU\..\Run: [etqfrznefj7jvo21hxaiwx6rac6dw0g] C:\DOCUME~1\Menace\LOCALS~1\Temp\t7nf5y.exe
O4 - HKCU\..\Run: [c5hn1hqmu3yxn0xqspxr8aj] C:\DOCUME~1\Menace\LOCALS~1\Temp\dlqkk6mt90c.exe
O4 - HKCU\..\Run: [fghmbip38cfwafs683kr7s5qjhpraodxfjhmp1n47yg5zxnlta] C:\DOCUME~1\Menace\LOCALS~1\Temp\po2dr9sqi.exe
O4 - HKCU\..\Run: [yq20et0eqrb0] C:\DOCUME~1\Menace\LOCALS~1\Temp\hh7ti1ic99ure.exe
O4 - HKCU\..\Run: [ekbzgntq875bv6r2iykwm] C:\DOCUME~1\Menace\LOCALS~1\Temp\xt3ifap3ea2l.exe
O4 - HKCU\..\Run: [bptmjlctjdw0obfn36j4gh3wj32tky1ua8ylsvlxpz9] C:\DOCUME~1\Menace\LOCALS~1\Temp\ymqw49zj3.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\.DEFAULT\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1232663648921
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ylpisn.dll ybncvx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: urqhbske - urQHBSKE.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 14297 bytes
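The two HijackThis logs above (posts #1 and #5) are read by eye in this thread. The script below is an added example, not part of the original thread and not HijackThis code, that applies a handful of the triage rules a log helper applies mentally. The sample text is a constructed excerpt made of entries copied from the two posted logs plus two clean entries; the rule set, the list of core Windows binary names, and the treatment of browseui.dll as the only expected SharedTaskScheduler DLL are this example's own assumptions, and every rule is a heuristic that earns a line a second look rather than proof of infection.

```python
r"""Rule-based triage of HijackThis 2.0 log lines (added example, not HijackThis code).
Rules: userinit, temp_autorun, rundll_export, name_clone, name_lookalike, odd_run_key,
nameless_bho, restriction, appinit, orphan_notify, sts_dll (see comments in triage)."""
import re
from collections import Counter

# Assumption: XP-era core binaries whose names malware likes to borrow or imitate.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "explorer.exe", "rundll32.exe", "userinit.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def split_path(p):
    """(directory, file name) of a Windows path, lower-cased, quotes stripped."""
    d, _, f = p.strip('"').lower().rpartition("\\")
    return d, f


def one_edit_away(a, b):
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        i += len(a) >= len(b)  # advance the longer side, or both when equal
        j += len(b) >= len(a)
    return edits + (len(a) - i) + (len(b) - j) == 1


def first_token(cmd):
    """Executable of a Run value: quoted string, unquoted path ending in .exe, or first word."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+)', cmd, re.I)
    return next(g for g in m.groups() if g) if m else cmd


def triage(log_text):
    """Return [(rule, line), ...] for every log line that trips a heuristic."""
    findings = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # userinit: anything chained after userinit.exe runs at every logon
            entries = [e for e in line.split("UserInit=", 1)[1].split(",") if e]
            if any(split_path(e)[1] != "userinit.exe" for e in entries):
                findings.append(("userinit", line))
        elif line.startswith("O4 - "):
            key, _, cmd = line.partition("] ")
            exe = first_token(cmd)
            d, f = split_path(exe)
            if re.search(r"\\temp\\", exe, re.I):            # autorun from a Temp directory
                findings.append(("temp_autorun", line))
            m = re.search(r'rundll32\.exe\s+"?([^",]+)"?,(\S*)', cmd, re.I)
            if m and len(m.group(2)) < 3:                   # export names like ",e" or ",b"
                findings.append(("rundll_export", line))
            if "\\" in exe and f in SYSTEM_BINARIES and d not in SYSTEM_DIRS:
                findings.append(("name_clone", line))       # e.g. winlogon.exe in a profile
            if any(one_edit_away(f, s) for s in SYSTEM_BINARIES):
                findings.append(("name_lookalike", line))   # e.g. rundll33.exe
            if re.search(r"Policies\\Explorer\\Run|HKUS\\\.DEFAULT", key):
                findings.append(("odd_run_key", line))      # seldom-used autorun locations
        elif line.startswith("O2 - BHO: "):
            name = line[len("O2 - BHO: "):].split(" - {", 1)[0]
            if name.lower() == line.rsplit(" - ", 1)[-1].lower():
                findings.append(("nameless_bho", line))     # display name is just its path
        elif line.startswith("O7 - "):                      # O7 lists only registry restrictions
            findings.append(("restriction", line))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("appinit", line))              # loaded into most user-mode processes
        elif line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
            findings.append(("orphan_notify", line))
        elif line.startswith("O22 - ") and split_path(line.rsplit(" - ", 1)[-1])[1] != "browseui.dll":
            findings.append(("sts_dll", line))              # assumption: only browseui.dll expected
    return findings


def summarize(findings):
    """Number of hits per rule."""
    return dict(Counter(rule for rule, _ in findings))


# Constructed excerpt: entries copied from the two logs posted above, plus two clean ones.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Menace\winlogon.exe
O4 - HKLM\..\Run: [Clarikoda] rundll32.exe "C:\WINDOWS\Idofodaqoxoqirac.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bstisqm54g3mmyjs82777i35x0mi] C:\DOCUME~1\Menace\LOCALS~1\Temp\dicsyhy4hv9q.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\.DEFAULT\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: ylpisn.dll ybncvx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: urqhbske - urQHBSKE.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rule, line in hits:
        print(f"{rule:14} {line}")
    print(summarize(hits))
```

Run as a script it prints twelve hits from the excerpt, one per rule except odd_run_key, which fires twice. Each rule corresponds to something visible in the posted logs: the extra twext.exe chained onto UserInit, the Temp-folder HKCU autoruns, rundll32 calling single-letter exports, a winlogon.exe living under the user profile, rundll33.exe under the Explorer policy key and an autorun in the Default User hive, the BHO with no display name that is also registered as a SharedTaskScheduler, the DisableRegedit policy, the AppInit_DLLs pair and the orphaned Winlogon Notify hook. The clean AVG, ctfmon and Yahoo! entries in the same excerpt produce no hits, which is the other half of a useful triage rule.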

#6 handhfan (Trusted Helper)
Yes, looks like you got the new nasty trojan we've been seeing. Let's try running ComboFix this way:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#7 Menace_19st (Member, Topic Starter)
Hi, thank you once again for your quick response. Ok..... NEW problem. I downloaded and installed ComboFix as instructed and it seemed to work. It was running and it asked me to take down some bad roots, if I recall right, and said that we might need them for future use. As instructed, I wrote them down. They are as follows:

C:\WINDOWS\system32\drivers\UACppxdqwee.sys
C:\WINDOWS\system32\UACcblamyqb.dll
C:\WINDOWS\system32\UACimppxrel.dat
C:\WINDOWS\system32\UACdbbmnyma.dll
C:\WINDOWS\system32\UACktlehovb.dll
C:\WINDOWS\system32\UACwwblrgsn.dll
C:\WINDOWS\system32\UACkwgaqmyn.log
C:\WINDOWS\system32\UACacgoylqc.log
C:\WINDOWS\system32\UACdvbrxnrv.log

Ok, now that that's clear, let me tell you my new problem. ComboFix restarted my computer and now I can't get into it. I get a blank screen as if logged into Windows, but I can't click on anything. All I see is the mouse icon. I tried to do the Ctrl+Alt+Del combo, but it popped up a window stating "Windows Task Manager has been disabled by your administrator". Now all I have is a limited account, which I can't change the registry from and I can't do anything with. I'M STUCK once again. Your help is greatly appreciated.

#8 handhfan (Trusted Helper)
Try booting up in Safe Mode.

To boot into Safe Mode, restart your computer. Before the Windows logo appears, tap the F8 key. A list of options will appear. Select "Safe Mode."

#9 Menace_19st (Member, Topic Starter)
I tried that already..... same issue. I also tried Safe Mode with Command Prompt and again the same issue. I tried going through the registry in the limited account to disable that Windows Task Manager lock, but it was unsuccessful.

Edited by Menace_19st, 17 February 2009 - 11:35 PM.


#10 handhfan (Trusted Helper)
Try "Last Known Good Configuration".
#11 Menace_19st (Member, Topic Starter)
No good. Also, I must note that when I log into the limited account I have the same issue, except I can use the Task Manager. No task bar is up or anything on my screen; I have to manually click on New Task and type in c:\windows\explorer.exe to get things running.

#12 handhfan (Trusted Helper)
So, you were able to get your desktop and everything loaded correctly (manually)?

#13 Menace_19st (Member, Topic Starter)
Not the administrator account (mine), only the limited account, which I can't do much from due to restrictions.

#14 handhfan (Trusted Helper)
Are you able to navigate to C:\Qoobox\ComboFix.txt and post the log?

#15 Menace_19st (Member, Topic Starter)
Ok, in the Qoobox folder all I found were unreadable files. There was a log file; however, it was not in Notepad format. It seemed unfinished. I did find a Notepad file named "catchme" which contained the following:

-------- Tue 02/17/2009 - 21:06:02.31 -------------

file zipped: C:\WINDOWS\system32\drivers\UACppxdqwee.sys -> _UACppxdqwee_.sys.zip -> UACppxdqwee.sys ( 65536 bytes )
file "C:\WINDOWS\system32\drivers\UACppxdqwee.sys" replaced successfully
File "C:\WINDOWS\system32\drivers\UACppxdqwee.sys" added successfully
file "C:\WINDOWS\system32\drivers\UACppxdqwee.sys" deleted successfully

Edited by Menace_19st, 18 February 2009 - 12:05 AM.
