Virus changed administrator privileges. PLEASE help?

Good day guys,

Please assist, I have struggled with this for 4 days now. I finally got TDSSKiller downloaded and ran that, which picked up a backdoor virus as well as a virus that had attached itself to the win32 file. Then I ran Malwarebytes and that picked up 17 issues that I removed. I could not download GMER and this is the best I could do.

I now need to find a way, maybe through the registry or whichever way works, to get full control of my administrator rights again. Every important file is still blocking me from accessing it. I also need to find a way to have my documents folder reflect again. All the imaging programs I've seen aren't an option as I don't have an external drive and they always require much more space that I don't have. I tried Unhide and it didn't seem to do anything. I also unticked the hide files option in folder options. I need something new that has worked for others and that will work for me too. I saw when Malwarebytes was running it read folders in my documents folder, so it is still there; I just can't access it or any other hidden folders.

I will now attach my DDS reports.

.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = about:blank
mSearchAssistant = hxxp://google.inklineglobal.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: BitTorrentBar2 Toolbar: {656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files\bittorrentbar2\prxtbBitT.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BitTorrentBar2 Toolbar: {656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files\bittorrentbar2\prxtbBitT.dll {ae07101b-46d4-4a98-af68-0333ea26e113}
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [HW_OPENEYE_OUC_8ta connect] "c:\program files\8ta connect\updatedog\ouc.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [inCD] c:\program files\ahead\incd\InCD.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
TCP: DhcpNameServer = 196.43.45.190 196.43.50.190
TCP: Interfaces\{8B505BB8-E97C-4B36-A478-B9005396356E} : DhcpNameServer = 196.43.45.190 196.43.50.190
TCP: Interfaces\{FEBBD233-BA41-4BF9-B781-896D23414B7B} : DhcpNameServer = 196.43.45.190 196.43.50.190
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll, c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-17 11:22:12 -------- d-----w- c:\documents and settings\guest\application data\Malwarebytes
2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW
2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW
2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW
2012-06-17 09:37:02 -------- dc----w- C:\Malwarebytes' Anti-Malware
2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware
2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware
2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware
2012-06-17 05:08:10 -------- dc----w- C:\TDSSKiller_Quarantine
2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine
2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine
2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine
2012-06-17 03:41:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 12:18:02 -------- d-----w- c:\documents and settings\guest\application data\ExpressFiles
2012-06-13 10:23:55 -------- d-----w- c:\program files\Hetman Software
2012-06-13 08:24:42 -------- d-----w- c:\program files\ARAX Disk Doctor Data Recovery
2012-06-13 08:05:33 -------- d-----w- c:\program files\iDisksoft Studio
2012-06-13 07:04:05 -------- d-----w- c:\program files\EASEUS
2012-06-11 23:01:05 -------- d-----w- c:\program files\Essentials Codec Pack
2012-06-11 01:37:50 -------- d-----w- c:\program files\Appnimi
2012-06-10 22:27:05 -------- d-----w- c:\program files\Freemake
2012-06-10 22:02:28 -------- d-----w- c:\program files\Free DivX Converter
2012-06-05 21:43:07 -------- d-----w- c:\program files\Auslogics
2012-06-05 21:03:45 -------- d-----w- c:\program files\inKline Global
2012-06-05 20:20:04 -------- d-----w- c:\program files\FastNet99 v. 4.3 Upgrade
2012-06-05 19:26:40 -------- d-----w- c:\program files\IObit
2012-06-04 22:17:18 -------- d-----w- c:\program files\PeerBlock
2012-06-04 00:32:28 -------- d-----w- c:\program files\RapidShareManager
2012-06-03 02:32:26 -------- d-----w- c:\program files\ExpressFiles
2012-06-03 01:36:50 -------- d-----w- c:\program files\VideoLAN
2012-06-03 01:36:24 -------- d-----w- c:\program files\Graboid
2012-05-30 19:27:05 -------- d-----w- C:\CDP
2012-05-30 19:27:05 -------- d-----w- \CDP
2012-05-30 19:27:05 -------- d-----w- \CDP
2012-05-30 19:27:05 -------- d-----w- \CDP
2012-05-30 18:59:26 -------- d-----w- c:\windows\SHELLNEW
2012-05-30 18:57:26 -------- d-----r- \MSOCache
2012-05-30 18:57:26 -------- d-----r- \MSOCache
2012-05-30 18:57:26 -------- d-----r- \MSOCache
2012-05-29 18:53:52 -------- d-----w- c:\program files\Application Updater
2012-05-29 18:53:51 -------- d-----w- c:\program files\FLV Toolbar
2012-05-29 18:53:51 -------- d-----w- c:\program files\common files\Spigot
2012-05-28 00:18:47 -------- d-----w- c:\program files\1ClickDownload
2012-05-27 06:05:07 -------- d-----w- c:\program files\YourFileDownloader
2012-05-27 02:14:18 -------- d-----w- c:\program files\AirStrike II Gulf Thunder DEMO
2012-05-26 01:39:25 -------- d-----w- c:\program files\Babylon
2012-05-26 01:15:24 -------- d-----w- c:\program files\NCSoft
2012-05-26 01:12:08 -------- d-----w- c:\program files\Sony Online Entertainment
2012-05-25 07:51:25 -------- d-----w- c:\program files\Conduit
2012-05-25 07:50:34 -------- d-----w- c:\program files\BitTorrentBar2
2012-05-25 07:46:55 -------- d-----w- c:\program files\BitTorrent
2012-05-25 06:32:04 -------- d-----w- c:\program files\GameTop.com
2012-05-25 05:01:42 -------- d-----w- c:\program files\GameHitZone.com
2012-05-25 03:49:15 -------- d-----w- c:\program files\Activision
2012-05-25 03:41:37 -------- d-----w- c:\program files\Nowstat.com
2012-05-22 00:37:13 -------- d-----w- c:\program files\Oracle
.
==================== Find3M ====================
.
2012-06-11 00:04:37 1409 ----a-w- c:\windows\QTFont.for
2012-05-04 07:04:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 14:44:13.25 ===============
.
==== Installed Programs ======================
.
7-Zip 9.22beta
8ta connect
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Adobe® CreatePDF Desktop
Anti-phishing Domain Advisor
Ask Toolbar Updater
Auslogics Disk Defrag
Auslogics Registry Cleaner
BitTorrent
BitTorrentBar2 Toolbar
CCleaner
Direct Show Ogg Vorbis Filter (remove only)
DivX Setup
EASEUS Data Recovery Wizard Professional 5.5.1
FlashPlayer Plus 2.6(Trial version)
FLV Player
Free DivX Converter
Freemake Video Converter version 3.0.2
Google Toolbar for Internet Explorer
Google Update Helper
Jar2Exe Wizard
Java Auto Updater
Java 7 Update 4
JavaFX 2.1.0
Kaspersky Anti-Virus 2009
LG ODD Auto Firmware Update
Logitech Gaming Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Nero Suite
NVIDIA Control Panel 301.42
NVIDIA Display Control Panel
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenOffice.org 3.0
PeerBlock 1.1 (r518)
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Sothink FLV Player
Streetsof Rage 3 1.0
SuperCopier2
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
WebFldrs XP
WildTangent Multiplayer Library
WildTangent Updater
WildTangent Web Driver
Windows Essentials Media Codec Pack 4.0 [32-Bit]
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
X-Men 2 Screen Saver
X-Men - The Official Game Demo
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== End Of File ===========================

The following is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:23:27 PM, on 2012/06/17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Guest\Application Data\8ta connect\ouc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\8ta connect\8ta connect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guest\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: BitTorrentBar2 - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitTorrentBar2 Toolbar - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_8ta connect] "C:\Program Files\8ta connect\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-21-1708537768-1336601894-725345543-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-1336601894-725345543-501\..\Run: [HW_OPENEYE_OUC_8ta connect] "C:\Program Files\8ta connect\UpdateDog\ouc.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 10050 bytes

This last file is from the Unhide log I attempted.

Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does

Program started at: 06/16/2012 07:01:26 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 48737 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

The C:\DOCUME~1\Guest\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default Start Menu shortcuts:
Unhide.exe - A introduction as to what this program does

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/16/2012 07:01:44 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

I'd appreciate your assistance.