trojan.win32.obfuscated.gx has infected my work computer. please help, Read before.... unfortunately did not work. I can only access my pc i
Alonzo
post Dec 16 2007, 10:13 PM
Post #1


Member
**
Posts: 11
OS: XP



Here is my HiJack This log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:04 PM, on 12/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE plugin - {17A1DBB5-DAD8-4E78-BF7E-9BE4B965408B} - C:\WINDOWS\pmspl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) - http://hxphlbusvxxxap1/webhtml/opera_jinit_1012_25.exe
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} (RegTerminalSrv Object) - http://hxphlbusvxxxap1/installregterm.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://asp7.centra.com/SiteRoots/main/AgendaStorageRoot/Cobranding/0000014189d000000102fc8e37ab9de6/En/US/Images/Banner.gif

--
End of file - 6960 bytes



****************************************

Uninstall list from HiJack This:

Abacast Client
Access IBM
Access IBM Cleanup Utility
Access IBM Message Center
Access IBM Tools
Adobe Acrobat 4.0, 5.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
AIM 6
AOL Instant Messenger
Boomer Radio Tuner
CentraOne
DirectX 9 Hotfix - KB839643
DivX Content Uploader
DivX Web Player
ESET NOD32 Antivirus
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
IBM Access Support
IBM Access Support - Local Content Pack
IBM Printer Software Uninstall
IBM Update Connector
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment Standard Edition v1.3.1_11
LiveUpdate 2.5 (Symantec Corporation)
McAfee VirusScan Enterprise
Micros Fidelio Opera Print Utility
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office Standard Edition 2003
MSN Music Assistant
Norton Security Scan
Opera Register Terminal
Oracle JInitiator 1.3.1.25
Oracle JInitiator 1.3.1.25
Oracle JInitiator 1.3.1.9
Outlook Express Q823353
Panda ActiveScan
PC-Doctor for Windows
Picasa 2
QuickTime
SoundMAX
Spyware Doctor 5.1
Support.com Software
ThinkCentre Wallpaper
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB889293
Windows XP Hotfix (SP2) [See Q331060 for more information]
WinRAR archiver
Xvid 1.1.3 final uninstall


********************************************************

Need all the help I can get. Have been in contact with friends who work at Micro Center and the Googleplex to no avail. Thank you in advance.
don77
post Dec 22 2007, 06:38 AM
Post #2


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



Hello and welcome
sorry for the delay

  1. Download FixIEDef.exe by ShadowPuterDude to the Desktop.
  2. Double-click FixIEDef.exe.

  3. Click the Extract Button.

  4. There will be a new folder on your desktop. Locate the FixIEDef folder and double click.

  5. Locate FixIEDef.bat and double-click on it.


    WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process.

    NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

    FixIEDef will now run.

  6. You can safely close the Command Console after Explorer has restarted.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlogic.org/consulting/proc...processutil.htm



Let's make sure we got it all

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Alonzo
post Dec 22 2007, 02:37 PM
Post #3


Member
**
Posts: 11
OS: XP



That prog didn't work when I downloaded it the same night I got the virus. I had since deleted it but just got it again and tried. The FixIEDef.bat file was not in there. There was FixIEDef.php, which I figured was that file since it was around the same file size, so I changed the extension (it did not say that changing the extension may make the file unusable). I clicked on it, the command screen popped up for a split second and went away. Again the program did not work, but I'm thinking it didn't this time because I am running in safe mode, the only way I can even run my PC. Any other suggestions?
don77
post Dec 22 2007, 10:02 PM
Post #4


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



Run DSS please and post back the logs from it, please.
Alonzo
post Dec 23 2007, 07:29 PM
Post #5


Member
**
Posts: 11
OS: XP



Here it is:


Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-23 20:27:13
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 1 Restore Point(s) --
1: 2007-12-16 03:41:50 UTC - RP988 - Installed ESET NOD32 Antivirus


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:59 PM, on 12/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\ALONZo\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE plugin - {17A1DBB5-DAD8-4E78-BF7E-9BE4B965408B} - C:\WINDOWS\pmspl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) - http://hxphlbusvxxxap1/webhtml/opera_jinit_1012_25.exe
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} (RegTerminalSrv Object) - http://hxphlbusvxxxap1/installregterm.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://asp7.centra.com/SiteRoots/main/Agen...ages/Banner.gif

--
End of file - 6612 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>

S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
S2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
S3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; McAfee, Inc.; McAfee Common Framework>
S2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-17 11:05:19 270 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-12-15 18:24:20 424 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2004-12-15 13:18:54 380 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-16 22:45:48 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:02:35 552 --a------ C:\WINDOWS\System32\d3d8caps.dat
2007-12-16 20:38:03 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-12-15 22:41:52 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-15 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-15 20:41:30 0 d--h----- C:\WINDOWS\PIF
2007-12-15 20:11:35 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 19:04:32 0 --a------ C:\Documents and Settings\Administrator\regsvr32
2007-12-15 18:28:23 0 d-------- C:\Program Files\Picasa2
2007-12-15 18:24:17 0 d-------- C:\Program Files\Norton Security Scan
2007-12-15 18:20:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-15 17:51:53 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-15 17:46:49 0 d-------- C:\VundoFix Backups
2007-12-15 17:21:04 223232 --a------ C:\WINDOWS\pmspl.dll <Not Verified; Kodack; >
2007-12-08 20:13:54 0 d-------- C:\Program Files\Windows Live Toolbar


-- Find3M Report ---------------------------------------------------------------

2007-12-20 13:53:46 0 d-------- C:\Program Files\Google
2007-12-16 21:55:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-16 21:18:09 0 d-------- C:\Program Files\OperaRegTerm
2007-12-15 21:10:39 0 d-------- C:\Program Files\Common Files
2007-12-15 18:02:02 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-11-22 23:25:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\IBM
2007-11-06 21:53:38 0 d-------- C:\Program Files\AIM6
2007-11-06 21:53:27 0 d-------- C:\Program Files\Viewpoint


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17A1DBB5-DAD8-4E78-BF7E-9BE4B965408B}]
12/15/2007 05:21 PM 223232 --a------ C:\WINDOWS\pmspl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [11/22/2002 04:45 PM C:\WINDOWS\system32\irprops.cpl]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [06/06/2004 10:45 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [06/06/2004 10:41 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [10/16/2002 03:59 AM]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [03/17/2003 05:27 PM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [09/30/2003 11:05 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 04:24 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 02:55 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 08:48 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 03:07 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/14/2007 03:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [09/30/2003 11:05 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 03:44 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 05:08 PM]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/15/2007 6:20:50 PM]




-- End of Deckard's System Scanner: finished at 2007-12-23 20:29:26 ------------

Alonzo
post Dec 23 2007, 07:31 PM
Post #6


Member
**
Posts: 11
OS: XP



Here is the file "extra.txt":


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 502.98 MiB / 219.37 MiB
Pagefile Memory (total/avail): 1227.71 MiB / 976.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 29.88 GiB free.
D: is CDROM (No Media)
O: is Network (NTFS)
P: is Network (NTFS)
R: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - HDS728040PLAT20 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\JavaSoft\JRE\1.3.1_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HXPHLBUDTXXX002
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\HXPHLBUDTXXX002
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\JavaSoft\JRE\1.3.1_11\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=HXPHLBUDTXXX002
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Access IBM Cleanup Utility --> MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Access IBM Message Center --> MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools --> C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Boomer Radio Tuner --> C:\PROGRA~1\BOOMER~1\UNWISE.EXE C:\PROGRA~1\BOOMER~1\INSTALL.LOG
CentraOne --> C:\PROGRA~1\CENTRA~1\bin\launcher.exe uninstall
DirectX 9 Hotfix - KB839643 --> C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET NOD32 Antivirus --> MsiExec.exe /I{BB703122-AF65-4AD9-BCA0-273E165DABEE}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBM Access Support --> wscript "C:\Program Files\Support.com\bin\uninstall.vbs" -uninstall -release1
IBM Access Support - Local Content Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E34AB5C-B893-4EE9-82F3-F195978D009D}\Setup.exe" -l0x9
IBM Printer Software Uninstall --> C:\Program Files\IBM\Install\Uninstall.exe
IBM Update Connector --> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java 2 Runtime Environment Standard Edition v1.3.1_11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B71-B714-11D7-88E8-0050DA21757E}\Setup.exe" -uninst
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Micros Fidelio Opera Print Utility --> C:\PROGRA~1\MI9EC0~1\Opera\PRINTC~1\UNWISE.EXE C:\PROGRA~1\MI9EC0~1\Opera\PRINTC~1\INSTALL.LOG
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Opera Register Terminal --> C:\PROGRA~1\OPERAR~1\UNWISE.EXE C:\PROGRA~1\OPERAR~1\INSTALL.LOG
Oracle JInitiator 1.3.1.25 --> \UNWISE.EXE C:\DOCUME~1\ADMINI~1\Desktop\
Oracle JInitiator 1.3.1.25 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0125-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
Oracle JInitiator 1.3.1.9 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Oracle\JInitiator 1.3.1.9\Uninst.isu"
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Support.com Software --> wscript "C:\Program Files\Support.com\bin\admins.vbs"
ThinkCentre Wallpaper --> MsiExec.exe /I{80380166-A872-4B78-B98A-33447A032BDF}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
WinRAR archiver --> C:\WINDOWS\WinSxS\Manifests\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8448 / Error
Event Submitted/Written: 12/20/2007 02:02:33 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type8447 / Error
Event Submitted/Written: 12/20/2007 02:02:33 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type8442 / Warning
Event Submitted/Written: 12/20/2007 01:56:43 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8441 / Warning
Event Submitted/Written: 12/20/2007 01:54:35 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type8440 / Warning
Event Submitted/Written: 12/20/2007 01:54:21 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type387 / Error
Event Submitted/Written: 12/20/2007 02:03:53 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
easdrv
eeCtrl
Fips
Processor

Event Record #/Type386 / Error
Event Submitted/Written: 12/20/2007 02:03:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type385 / Warning
Event Submitted/Written: 12/20/2007 02:02:35 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0011257A1880. The IP address being used is 169.254.109.242.

Event Record #/Type384 / Error
Event Submitted/Written: 12/20/2007 02:02:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type383 / Warning
Event Submitted/Written: 12/20/2007 02:02:30 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011257A1880. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2007-12-23 20:29:26 ------------

don77
post Dec 23 2007, 10:02 PM
Post #7


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

O2 - BHO: IE plugin - {17A1DBB5-DAD8-4E78-BF7E-9BE4B965408B} - C:\WINDOWS\pmspl.dll


Next Reboot into SAFE MODE
Search for and delete the File highlighted in BOLD

C:\WINDOWS\pmspl.dll

Restart your computer,


Next

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.







Post back a fresh DSS log please
 
Alonzo
post Dec 24 2007, 05:51 PM
Post #8


Member
**
Posts: 11
OS: XP



Here is the Kaspersky WebScanner log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 24, 2007 6:30:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/12/2007
Kaspersky Anti-Virus database records: 493131
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
O:\
P:\
R:\
Z:\

Scan Statistics:
Total number of scanned objects: 71786
Number of viruses found: 4
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 02:40:54

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~E4B_tmp.exe Infected: Trojan-Downloader.Win32.Delf.dkk skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\jinitiator13125.trace Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007122420071225\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/HOTVIEW.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071224-141431-889.dll Infected: Trojan-Downloader.Win32.IEDefender.c skipped
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP988\A0104055.dll Infected: Trojan-Downloader.Win32.IEDefender.c skipped
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP988\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
O:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip/IHG_MEG_E_PATCH_V40303E51.exe/WISE0016.BIN/WISE0293.BIN/WISE0024.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip/IHG_MEG_E_PATCH_V40303E51.exe/WISE0016.BIN/WISE0293.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip/IHG_MEG_E_PATCH_V40303E51.exe/WISE0016.BIN/WISE0303.BIN/WISE0022.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip/IHG_MEG_E_PATCH_V40303E51.exe/WISE0016.BIN/WISE0303.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip/IHG_MEG_E_PATCH_V40303E51.exe/WISE0016.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip/IHG_MEG_E_PATCH_V40303E51.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\IHG_MEG_E_PATCH_V40303E51.zip ZIP: infected - 6 skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0016.BIN/WISE0022.BIN/WISE0024.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0016.BIN/WISE0022.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0016.BIN/WISE0032.BIN/WISE0022.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0016.BIN/WISE0032.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0016.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0078.BIN/WISE0012.BIN/WISE0023.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0078.BIN/WISE0012.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0078.BIN/WISE0015.BIN/WISE0024.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0078.BIN/WISE0015.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe/WISE0078.BIN Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip/OH_V40_P0303_E00066.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
O:\Documents and Settings\Administrator\Desktop\OH_V40_P0303_E00066.zip ZIP: infected - 11 skipped
O:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\ConsoleMain.exe.721603a.ini.inuse Object is locked skipped
O:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
O:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
O:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
O:\Documents and Settings\Administrator\Local Settings\Temp\NAILogs\UpdaterUI_HXPHLBUSVXXXAP1.log Object is locked skipped
O:\Documents and Settings\Administrator\Local Settings\Temp\~DF8F86.tmp Object is locked skipped
O:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
O:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
O:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
O:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped
O:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped
O:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped
O:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_HXPHLBUSVXXXAP1.log Object is locked skipped
O:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_HXPHLBUSVXXXAP1.log Object is locked skipped
O:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
O:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
O:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
O:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
O:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
O:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
O:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
O:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
O:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
O:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
O:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
O:\McAfee\Rogue System Sensor\key.pem Object is locked skipped
O:\McAfee\Rogue System Sensor\root.pem Object is locked skipped
O:\McAfee\Rogue System Sensor\RSSensor_out.log Object is locked skipped
O:\McAfee\Rogue System Sensor\sensor.pem Object is locked skipped
O:\Micros\sdc\pbd.LCK Object is locked skipped
O:\Micros\sdc\pbdirect.dbg Object is locked skipped
O:\Micros\sdc\pbgate\pbtcpste.01300 Object is locked skipped
O:\oracle\oradata\opera\REDO02B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO03B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO04B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO05B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO06B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO07B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO08B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO09B.RDO Object is locked skipped
O:\oracle\oradata\opera\REDO10B.RDO Object is locked skipped
O:\Program Files\APC\PowerChute Business Edition\agent\data.dat Object is locked skipped
O:\Program Files\APC\PowerChute Business Edition\agent\EventLog Object is locked skipped
O:\Program Files\APC\PowerChute Business Edition\server\data.dat Object is locked skipped
O:\Program Files\Micros-Fidelio\OXChange\OXA\Logs\HOLIDEX.20071224.log.xml Object is locked skipped
O:\WINDOWS\Debug\Netlogon.log Object is locked skipped
O:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
O:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
O:\WINDOWS\system32\config\default Object is locked skipped
O:\WINDOWS\system32\config\default.LOG Object is locked skipped
O:\WINDOWS\system32\config\DnsEvent.Evt Object is locked skipped
O:\WINDOWS\system32\config\SAM Object is locked skipped
O:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
O:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
O:\WINDOWS\system32\config\SECURITY Object is locked skipped
O:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
O:\WINDOWS\system32\config\software Object is locked skipped
O:\WINDOWS\system32\config\software.LOG Object is locked skipped
O:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
O:\WINDOWS\system32\config\system Object is locked skipped
O:\WINDOWS\system32\config\system.LOG Object is locked skipped
O:\WINDOWS\system32\dhcp\dhcp.mdb Object is locked skipped
O:\WINDOWS\system32\dhcp\DhcpSrvLog-Mon.log Object is locked skipped
O:\WINDOWS\system32\dhcp\j50.log Object is locked skipped
O:\WINDOWS\system32\dhcp\j50tmp.log Object is locked skipped
O:\WINDOWS\system32\dhcp\tmp.edb Object is locked skipped
O:\WINDOWS\system32\dns\dns.log Object is locked skipped
O:\WINDOWS\system32\h323log.txt Object is locked skipped
O:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
O:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
O:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
O:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
O:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
O:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
O:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
O:\WINDOWS\Tasks\SchedLgU.Txt Object is locked skipped
O:\WINDOWS\Temp\hsperfdata_SYSTEM\2712 Object is locked skipped

Scan process completed.



*******************************************


Here is the DSS log run after the WebScanner:


Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-24 18:50:18
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:19 PM, on 12/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrator\My Documents\ALONZo\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) - http://hxphlbusvxxxap1/webhtml/opera_jinit_1012_25.exe
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} (RegTerminalSrv Object) - http://hxphlbusvxxxap1/installregterm.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cnatla4svradx01.local,inns.hiw.com,hiw.com
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://asp7.centra.com/SiteRoots/main/Agen...ages/Banner.gif

--
End of file - 6638 bytes

-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-24 14:50:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 14:50:55 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2007-12-24 14:50:54 0 d-------- C:\WINDOWS\LastGood
2007-12-16 22:45:48 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:02:35 552 --a------ C:\WINDOWS\System32\d3d8caps.dat
2007-12-16 20:38:03 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-12-15 22:41:52 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-15 21:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-15 20:41:30 0 d--h----- C:\WINDOWS\PIF
2007-12-15 20:11:35 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 19:04:32 0 --a------ C:\Documents and Settings\Administrator\regsvr32
2007-12-15 18:28:23 0 d-------- C:\Program Files\Picasa2
2007-12-15 18:24:17 0 d-------- C:\Program Files\Norton Security Scan
2007-12-15 18:20:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-15 17:51:53 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-15 17:46:49 0 d-------- C:\VundoFix Backups
2007-12-08 20:13:54 0 d-------- C:\Program Files\Windows Live Toolbar


-- Find3M Report ---------------------------------------------------------------

2007-12-20 13:53:46 0 d-------- C:\Program Files\Google
2007-12-16 21:55:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-16 21:18:09 0 d-------- C:\Program Files\OperaRegTerm
2007-12-15 21:10:39 0 d-------- C:\Program Files\Common Files
2007-12-15 18:02:02 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-11-22 23:25:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\IBM
2007-11-06 21:53:38 0 d-------- C:\Program Files\AIM6
2007-11-06 21:53:27 0 d-------- C:\Program Files\Viewpoint


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [11/22/2002 04:45 PM C:\WINDOWS\system32\irprops.cpl]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [06/06/2004 10:45 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [06/06/2004 10:41 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [10/16/2002 03:59 AM]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [03/17/2003 05:27 PM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [09/30/2003 11:05 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 04:24 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 02:55 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 08:48 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 03:07 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/14/2007 03:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [09/30/2003 11:05 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 03:44 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 05:08 PM]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/15/2007 6:20:50 PM]




-- End of Deckard's System Scanner: finished at 2007-12-24 18:50:39 ------------

don77
post Dec 25 2007, 10:58 AM
Post #9


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



Kaspersky is finding a few false positives from the IBM program.

Any issues still? Everything is looking clean now.
Alonzo
post Dec 25 2007, 11:32 AM
Post #10


Member
**
Posts: 11
OS: XP



Just tried starting the pc on normal mode. It brings me to the background screen, no desktop icons or taskbar. It still only runs in safe mode, which does the job but is unacceptable to the other managers.
don77
post Dec 25 2007, 11:59 AM
Post #11


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



QUOTE (Alonzo @ Dec 25 2007, 12:32 PM)
Just tried starting the pc on normal mode. It brings me to the background screen, no desktop icons or taskbar. It still only runs in safe mode, which does the job but is unacceptable to the other managers.



what do you mean by other managers ?


Background screen of what ?


Alonzo
post Dec 25 2007, 12:12 PM
Post #12


Member
**
Posts: 11
OS: XP



The other managers at my job, they want it in normal mode.

The background screen after inputting my logon/pwd to get into windows. It shows that, the cursor, and nothing else. I kept it on to see if it was just taking EXTRA long; it's been an hour and it's still just showing the background and nothing else.
don77
post Dec 25 2007, 12:32 PM
Post #13


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



any other users on the machine ?

Do you have admin rights ?


Alonzo
post Dec 25 2007, 12:55 PM
Post #14


Member
**
Posts: 11
OS: XP



It's only the admin login that is used, so I'd be able to switch pretty much any settings.
don77
post Dec 25 2007, 06:53 PM
Post #15


Malware Expert
Posts: 18,682
From: Boston Ma.
OS: XP Pro,ME, 98



Go Here and download Taskbarrepair tool
Select the taskbar issue you're having and let the tool repair it.

Let me know how that works out then we can work on getting the background squared away
