Google Redirected, and generally computer seems messed up... [Solved]


  • This topic is locked This topic is locked

#16 Olloyd21 (Topic Starter, Member, 18 posts)
I can't uninstall through Add/Remove Programs; nothing comes up on the list, it's just white? :) I already tried removing Avira and it just didn't work, and every time my PC loads I get an error message, but when my Add/Remove Programs was working it wasn't there??

#17 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Try this to remove Avira:

Download and install Revo Uninstaller
  • Double click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.


#18 Olloyd21 (Topic Starter, Member, 18 posts)
Avira isn't on there, nor AVG... :) I deleted all the files I could find for Avira a while ago? God, sorry, this is such a nightmare.

#19 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Just do the other steps then.

#20 Olloyd21 (Topic Starter, Member, 18 posts)
I did that... and got this:

Invalid Time Flag! --- applicationdata/10252034 must be numerical.

Is there a way I can wipe my computer without the disk? It's an Acer. I can easily remove the few files I want to keep... it is so screwed up, I'm so tired of trying to fix it and it being so [bleep] messed up. I really wanna just wipe the whole thing back to the way it was when I got it? Is that possible?

#21 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
I am really not sure about that. If you want, you can make a topic about that in the Windows XP forum. I am going to PM a friend about that and see if he knows.

Can you try running that fix once more, but in Safe Mode?

Then try downloading and running ComboFix again.

#22 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
You seem to have made a mistake with your fix.

You need to post all that stuff from the code box under the Custom Scans/Fixes box and click the Run Fix button, not the Run Scan one.

#23 Olloyd21 (Topic Starter, Member, 18 posts)
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\regedit.exe scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\prl.dll
C:\WINDOWS\System32\prl.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\prl.dll scheduled to be moved on reboot.
C:\svchost.com\N_ moved successfully.
C:\svchost.com moved successfully.

Registry entries deleted on Reboot...

#24 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Tried ComboFix again?

#25 Olloyd21 (Topic Starter, Member, 18 posts)
FINALLY!!! It worked :) Thanks :)

Here's the log:

ComboFix 09-10-06.04 - A User 07/10/2009 17:28.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.456 [GMT 1:00]
Running from: c:\documents and settings\A User\Desktop\SVFHOST.EXE.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\A User\alcmtr .exe
c:\documents and settings\A User\restorer32_a .exe
c:\documents and settings\A User\rthdcpl .exe
c:\documents and settings\A User\rundll32.exe bthprops .exe
c:\documents and settings\A User\skytel .exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\Installer\156bc527.msp
c:\windows\Installer\32180f4.msp
c:\windows\Installer\3218109.msp
c:\windows\Installer\3218118.msp
c:\windows\Installer\3218141.msp
c:\windows\Installer\3218151.msp
c:\windows\Installer\321817a.msp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\kbiwkmlog.dat
c:\windows\system32\kbiwkmroxpuwlg.dll
c:\windows\system32\kbiwkmtqpmetlt.dat
c:\windows\system32\lvcomsx .exe
c:\windows\system32\mscomct2.dat
c:\windows\system32\msrfcint.dat
c:\windows\system32\ntrdectr.dat
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\regedit.exe
c:\windows\system32\restorer32_a.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xa.tmp

c:\windows\system32\drivers\AGP440.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmwulxgsal
-------\Service_kbiwkmwulxgsal


((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 16:34 . 2009-10-07 16:34 27136 ----a-w- c:\documents and settings\A User\restorer32_a.exe
2009-10-07 16:15 . 2009-10-07 16:34 27136 ----a-w- c:\documents and settings\A User\skytel.exe
2009-10-06 22:06 . 2009-10-06 22:06 -------- d-----w- C:\_OTL
2009-10-06 21:30 . 2009-10-06 21:30 -------- d-----w- c:\program files\VS Revo Group
2009-10-05 18:52 . 2009-10-05 18:52 -------- d-----w- c:\program files\HJT
2009-10-05 18:49 . 2009-10-05 18:49 -------- d-----w- c:\program files\Trend Micro
2009-10-04 21:40 . 2009-10-04 21:40 -------- d-----w- c:\documents and settings\A User\Application Data\vlc
2009-10-04 21:39 . 2009-10-04 21:39 -------- d-----w- c:\program files\VideoLAN
2009-10-04 19:48 . 2009-10-07 16:16 27136 ----a-w- c:\documents and settings\A User\alcmtr.exe
2009-10-04 19:48 . 2009-10-07 16:16 27136 ----a-w- c:\documents and settings\A User\rthdcpl.exe
2009-10-04 19:25 . 2009-10-04 19:25 -------- d-----w- c:\program files\Xilisoft
2009-10-04 18:59 . 2009-10-04 18:59 26624 ---h--w- c:\documents and settings\A User\ligadmy.exe
2009-10-04 18:42 . 2009-10-04 18:42 -------- d-----w- c:\documents and settings\A User\Local Settings\Application Data\Happy Hour Code, LLC
2009-10-04 12:00 . 2009-10-04 12:00 -------- d-----w- c:\documents and settings\A User\Application Data\BSD
2009-10-04 11:59 . 2009-09-12 19:09 1518080 ----a-w- c:\windows\bsdsetup.dll
2009-10-04 11:34 . 2009-10-04 11:34 -------- d-----w- c:\program files\iPod
2009-10-04 11:34 . 2009-10-04 11:34 -------- d-----w- c:\program files\iTunes
2009-10-04 11:34 . 2009-10-04 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 11:33 . 2009-10-04 11:33 -------- d-----w- c:\program files\QuickTime
2009-10-04 11:32 . 2009-10-04 11:32 -------- d-----w- c:\program files\Apple Software Update
2009-10-04 11:31 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-04 08:43 . 2009-10-04 08:43 -------- d-----w- c:\documents and settings\A User\Application Data\Creative
2009-10-03 23:36 . 2009-10-03 23:36 -------- d-----w- c:\documents and settings\A User\Application Data\BitTorrent
2009-10-03 23:36 . 2009-10-03 23:36 -------- d-----w- c:\program files\BitTorrent
2009-10-03 20:43 . 2009-10-03 20:43 -------- d-----w- c:\windows\CtDrvInstall
2009-10-03 20:43 . 2005-10-12 00:01 24576 ----a-w- c:\windows\system32\P0630Aor.dll
2009-10-03 20:36 . 2009-10-03 20:36 -------- d-----w- c:\documents and settings\A User\Application Data\Blitware
2009-10-02 22:54 . 2009-10-02 22:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-02 22:54 . 2009-10-02 22:54 -------- d-----w- c:\documents and settings\A User\Application Data\skypePM
2009-10-02 22:19 . 2009-10-02 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-21 22:15 . 2009-09-21 22:15 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-21 22:15 . 2009-09-21 22:15 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 16:32 . 2009-08-02 20:58 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-07 16:16 . 2005-07-19 16:32 27136 ----a-w- c:\windows\system32\lvcomsx.exe
2009-10-07 16:16 . 2006-03-23 11:13 27136 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-07 16:16 . 2009-10-04 19:48 27136 ----a-w- c:\documents and settings\A User\rthdcpl .exe
2009-10-06 19:11 . 2004-08-03 22:07 94432 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-10-05 12:27 . 2006-03-23 11:17 27136 ----a-w- c:\windows\system32\igfxpers.exe
2009-10-04 19:47 . 2007-10-02 23:17 90112 ----a-w- c:\windows\DUMP4cc8.tmp
2009-10-04 11:42 . 2007-10-02 23:17 94208 ----a-w- c:\windows\DUMP4d93.tmp
2009-09-27 00:04 . 2007-10-02 23:17 90112 ----a-w- c:\windows\DUMP5a83.tmp
2009-09-22 08:16 . 2007-10-02 23:17 90112 ----a-w- c:\windows\DUMP5f17.tmp
2009-09-21 22:30 . 2008-12-08 11:57 256 ----a-w- c:\windows\system32\pool.bin
2009-09-16 21:30 . 2007-10-03 07:25 79936 ----a-w- c:\documents and settings\A User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-08 23:06 . 2007-10-02 23:17 90112 ----a-w- c:\windows\DUMP63ab.tmp
2009-09-08 22:52 . 2007-10-02 23:17 90112 ----a-w- c:\windows\DUMP63da.tmp
2009-08-28 18:42 . 2007-12-25 08:57 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 13:29 . 2009-08-28 13:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-05 18:11 . 2004-08-04 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 03:55 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-04 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 12:36 . 2009-08-02 20:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2009-08-02 20:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . D41D8CD98F00B204E9800998ECF8427E . 113152 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-10 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . D41D8CD98F00B204E9800998ECF8427E . 58880 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . D41D8CD98F00B204E9800998ECF8427E . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . D41D8CD98F00B204E9800998ECF8427E . 1035776 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2009-10-06 19:11 . 0B7ADAAB8F46423CB92D4C746F359CA4 . 94432 . . [------] . . c:\windows\system32\drivers\AGP440.SYS
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"restorer32_a"="c:\documents and settings\A User\restorer32_a.exe" [2009-10-07 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-10-07 27136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-07 27136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2009-10-07 27136]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-07 27136]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2009-10-07 27136]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2009-10-07 27136]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2009-10-07 27136]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2009-10-07 27136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"restorer32_a"="c:\windows\system32\restorer32_a.exe" [2009-10-07 27136]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"NDYMRkAqS"= {320D180F-98A7-B2A5-88B7-DA4E629C8ED9} - c:\windows\system32\prl.dll [2009-03-21 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/08/2009 09:22 108289]
R2 avgagent;AVG7 Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [26/12/2007 21:07 24652]
S?2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2009 13:28 133104]
S2 isjgknx;isjgknx;c:\windows\system32\drivers\tzgdgurk.sys --> c:\windows\system32\drivers\tzgdgurk.sys [?]
S2 khquw;khquw;c:\windows\system32\drivers\uxtiz.sys --> c:\windows\system32\drivers\uxtiz.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 12:27]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 12:27]

2009-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://en.uk.acer.yahoo.com/
uInternet Settings,ProxyServer = 80.87.131.100:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\A User\Application Data\Mozilla\Firefox\Profiles\sup22cnx.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - prefs.js: network.proxy.ftp - 24.247.250.183:3128
FF - prefs.js: network.proxy.ftp_port - 8800
FF - prefs.js: network.proxy.gopher - 24.247.250.183:3128
FF - prefs.js: network.proxy.gopher_port - 8800
FF - prefs.js: network.proxy.http - 24.247.250.183:3128
FF - prefs.js: network.proxy.http_port - 8800
FF - prefs.js: network.proxy.socks - 24.247.250.183:3128
FF - prefs.js: network.proxy.socks_port - 8800
FF - prefs.js: network.proxy.ssl - 24.247.250.183:3128
FF - prefs.js: network.proxy.ssl_port - 8800
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-Creative WebCam Tray - c:\program files\Creative\Shared Files\CamTray.exe
HKCU-Run-Aim6 - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 17:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5172)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\avgagent.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\acer\Empowering Technology\eRecovery\Monitor .exe
c:\program files\Logitech\Video\LogiTray .exe
c:\docume~1\AUSER~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\AUSER~1\LOCALS~1\Temp\ctv208.exe
.
**************************************************************************
.
Completion time: 2009-10-07 17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 16:37

Pre-Run: 21,556,166,656 bytes free
Post-Run: 21,835,415,552 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
296 --- E O F --- 2009-09-10 16:44

#26 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Are you editing the log to hide your user name? If so, it's stopping me from cleaning up the machine.

You need to let ComboFix install the Recovery Console as well.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

SRPeek::
c:\windows\system32\drivers\AGP440.sys

File::
c:\documents and settings\A User\restorer32_a.exe
c:\documents and settings\A User\skytel.exe
c:\documents and settings\A User\alcmtr.exe
c:\documents and settings\A User\rthdcpl.exe
c:\documents and settings\A User\ligadmy.exe
c:\documents and settings\A User\rthdcpl .exe
c:\windows\system32\drivers\tzgdgurk.sys
c:\windows\system32\drivers\uxtiz.sys

Driver::
isjgknx
khquw
KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
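An added example (my own code, not ComboFix's or the forum's) of the triage a helper does on a log like the one posted above before writing a fix script like the one in this post: it flags the indicators Rorschach112 acted on. The sample log is constructed from a few lines in the posted log's format, and the regexes are my reading of that format, not a published ComboFix grammar.

```python
"""Triage of a ComboFix-style log for the indicators the helper acted on in this thread
(added example, not ComboFix's own code): names with a space before the extension that
shadow legitimate ones, binaries sharing one size, Security Center and firewall
overrides, injected proxy settings, and services whose binary is missing."""
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the log posted in this thread
SAMPLE_LOG = r"""
2009-10-07 16:34 . 2009-10-07 16:34 27136 ----a-w- c:\documents and settings\A User\restorer32_a.exe
2009-10-07 16:16 . 2005-07-19 16:32 27136 ----a-w- c:\windows\system32\lvcomsx.exe
2009-10-07 16:16 . 2009-10-04 19:48 27136 ----a-w- c:\documents and settings\A User\rthdcpl .exe
2009-10-04 18:59 . 2009-10-04 18:59 26624 ---h--w- c:\documents and settings\A User\ligadmy.exe
2009-10-06 22:06 . 2009-10-06 22:06 -------- d-----w- C:\_OTL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S2 isjgknx;isjgknx;c:\windows\system32\drivers\tzgdgurk.sys --> c:\windows\system32\drivers\tzgdgurk.sys [?]
S2 khquw;khquw;c:\windows\system32\drivers\uxtiz.sys --> c:\windows\system32\drivers\uxtiz.sys [?]
uInternet Settings,ProxyServer = 80.87.131.100:80
FF - prefs.js: network.proxy.http - 24.247.250.183:3128
FF - prefs.js: network.proxy.http_port - 8800
"""

# "created . modified size attrs path" lines (Files Created / Find3M sections); the
# regexes below are my reading of the format, not a published ComboFix grammar
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\d+|-+) (\S+) (.+)$", re.M)
SERVICE_MISSING = re.compile(r"^[RS]\??\d+ ([^;]+);[^;]*;.*\[\?\]$", re.M)
IE_PROXY = re.compile(r"^uInternet Settings,ProxyServer = (\S+)", re.M)
FF_PROXY = re.compile(
    r"^FF - prefs\.js: (network\.proxy\.(?:http|ssl|socks|ftp|gopher)) - (\S+)", re.M)
WEAKENING = [
    (r'"AntiVirusOverride"=dword:0*1$', "AntiVirusOverride=1"),
    (r'"EnableFirewall"=\s*0\b', "EnableFirewall=0"),
]

def parse_file_lines(log):
    """Return (size or None for directories, attrs, path) per file listing line."""
    return [(None if size.startswith("-") else int(size), attrs, path.rstrip())
            for size, attrs, path in FILE_LINE.findall(log)]

def space_before_extension(entries):
    """'rthdcpl .exe' sits beside the real rthdcpl.exe and is easy to overlook."""
    return [p for _, _, p in entries if re.search(r"\S \.[A-Za-z0-9]+$", p)]

def size_clusters(entries, min_count=3):
    """Unrelated binaries with one identical size: a file infector, or one dropper
    copied over several autostart targets (27136 bytes everywhere in the log above)."""
    by_size = defaultdict(list)
    for size, _, path in entries:
        if size and path.lower().endswith((".exe", ".dll", ".sys")):
            by_size[size].append(path)
    return {s: sorted(p) for s, p in by_size.items() if len(p) >= min_count}

def missing_service_binaries(log):
    """Services/drivers still registered for a binary that is gone from disk."""
    return SERVICE_MISSING.findall(log)

def security_weakening(log):
    """Registry values that silence Security Center or switch the firewall off."""
    return [label for pat, label in WEAKENING if re.search(pat, log, re.M)]

def proxy_settings(log):
    """Proxies injected into IE and Firefox, the usual cause of search redirects."""
    found = [("IE", m.group(1)) for m in IE_PROXY.finditer(log)]
    found += [("FF " + m.group(1), m.group(2)) for m in FF_PROXY.finditer(log)]
    return found

def triage(log):
    entries = parse_file_lines(log)
    return {"space_before_ext": space_before_extension(entries),
            "size_clusters": size_clusters(entries),
            "missing_service_binaries": missing_service_binaries(log),
            "security_weakening": security_weakening(log),
            "proxies": proxy_settings(log)}
```

Call `triage(SAMPLE_LOG)` to get all findings in one dict; the three 27136-byte files, the space-padded `rthdcpl .exe`, the two drivers with no file on disk, the disabled Security Center and firewall, and both injected proxies all surface from the constructed sample.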

#27 Olloyd21 (Topic Starter, Member, 18 posts)
I'm not editing anything?

I don't know how to turn Avira off, since when I click it it says the module has been destroyed or can't be found?

#28 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Just go on with it anyway.

Make sure to install the Recovery Console.

#29 Olloyd21 (Topic Starter, Member, 18 posts)
I did that... It restarted, and when it had started up again, a system error came up and said it'd shut down in 60 seconds... it did, and now has re-opened, but the programme won't respond to anything.....

I have nothing on the laptop of value, just viruses, trojans and annoying programmes I can't install. It'd really be easier to just wipe the laptop... Can you help me do this instead? We've given the easy removal route a good try...

I don't have the disk for the laptop, but everything on it can go, I need nothing!

#30 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
I am not sure about wiping it. Go and make a topic in the Windows XP forum about that.