Lonecrusader
Cannot regain administrator rights and cannot view hidden folders
in Resolved Malware Removal Logs
Virus changed administrator Privileges. PLEASE help?
Good Day Guys,
Please assist, I have struggled with this for 4 days now. I finally got TDSSKiller downloaded and ran that, which picked up a backdoor virus as well as a virus that had attached itself to the win32 file. Then I ran Malwarebytes and that picked up 17 issues that I removed. I could not download GMER and this is the best I could do. I now need to find a way, maybe through the registry or whichever way works, to get full control of my administrator rights again. Every important file is still blocking me from accessing it. I also need to find a way to have my documents folder reflect again. All the imaging programs I've seen aren't an option as I don't have an external drive and they always require much more space than I have. I tried Unhide and it didn't seem to do anything. I also unticked the hide files option in folder options. I need something new that has worked for others and that will work for me too. I saw when Malwarebytes was running it read folders in my documents folder, so it is still there, I just can't access it or any other hidden folders. I will now attach my DDS reports.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = about:blank
mSearchAssistant = hxxp://google.inklineglobal.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: BitTorrentBar2 Toolbar: {656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files\bittorrentbar2\prxtbBitT.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BitTorrentBar2 Toolbar: {656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files\bittorrentbar2\prxtbBitT.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [HW_OPENEYE_OUC_8ta connect] "c:\program files\8ta connect\updatedog\ouc.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [inCD] c:\program files\ahead\incd\InCD.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
TCP: DhcpNameServer = 196.43.45.190 196.43.50.190
TCP: Interfaces\{8B505BB8-E97C-4B36-A478-B9005396356E} : DhcpNameServer = 196.43.45.190 196.43.50.190
TCP: Interfaces\{FEBBD233-BA41-4BF9-B781-896D23414B7B} : DhcpNameServer = 196.43.45.190 196.43.50.190
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll, c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-17 11:22:12 -------- d-----w- c:\documents and settings\guest\application data\Malwarebytes
2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW
2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW
2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW
2012-06-17 09:37:02 -------- dc----w- C:\Malwarebytes' Anti-Malware
2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware
2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware
2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware
2012-06-17 05:08:10 -------- dc----w- C:\TDSSKiller_Quarantine
2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine
2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine
2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine
2012-06-17 03:41:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 12:18:02 -------- d-----w- c:\documents and settings\guest\application data\ExpressFiles
2012-06-13 10:23:55 -------- d-----w- c:\program files\Hetman Software
2012-06-13 08:24:42 -------- d-----w- c:\program files\ARAX Disk Doctor Data Recovery
2012-06-13 08:05:33 -------- d-----w- c:\program files\iDisksoft Studio
2012-06-13 07:04:05 -------- d-----w- c:\program files\EASEUS
2012-06-11 23:01:05 -------- d-----w- c:\program files\Essentials Codec Pack
2012-06-11 01:37:50 -------- d-----w- c:\program files\Appnimi
2012-06-10 22:27:05 -------- d-----w- c:\program files\Freemake
2012-06-10 22:02:28 -------- d-----w- c:\program files\Free DivX Converter
2012-06-05 21:43:07 -------- d-----w- c:\program files\Auslogics
2012-06-05 21:03:45 -------- d-----w- c:\program files\inKline Global
2012-06-05 20:20:04 -------- d-----w- c:\program files\FastNet99 v. 4.3 Upgrade
2012-06-05 19:26:40 -------- d-----w- c:\program files\IObit
2012-06-04 22:17:18 -------- d-----w- c:\program files\PeerBlock
2012-06-04 00:32:28 -------- d-----w- c:\program files\RapidShareManager
2012-06-03 02:32:26 -------- d-----w- c:\program files\ExpressFiles
2012-06-03 01:36:50 -------- d-----w- c:\program files\VideoLAN
2012-06-03 01:36:24 -------- d-----w- c:\program files\Graboid
2012-05-30 19:27:05 -------- d-----w- C:\CDP
2012-05-30 19:27:05 -------- d-----w- \CDP
2012-05-30 19:27:05 -------- d-----w- \CDP
2012-05-30 19:27:05 -------- d-----w- \CDP
2012-05-30 18:59:26 -------- d-----w- c:\windows\SHELLNEW
2012-05-30 18:57:26 -------- d-----r- \MSOCache
2012-05-30 18:57:26 -------- d-----r- \MSOCache
2012-05-30 18:57:26 -------- d-----r- \MSOCache
2012-05-29 18:53:52 -------- d-----w- c:\program files\Application Updater
2012-05-29 18:53:51 -------- d-----w- c:\program files\FLV Toolbar
2012-05-29 18:53:51 -------- d-----w- c:\program files\common files\Spigot
2012-05-28 00:18:47 -------- d-----w- c:\program files\1ClickDownload
2012-05-27 06:05:07 -------- d-----w- c:\program files\YourFileDownloader
2012-05-27 02:14:18 -------- d-----w- c:\program files\AirStrike II Gulf Thunder DEMO
2012-05-26 01:39:25 -------- d-----w- c:\program files\Babylon
2012-05-26 01:15:24 -------- d-----w- c:\program files\NCSoft
2012-05-26 01:12:08 -------- d-----w- c:\program files\Sony Online Entertainment
2012-05-25 07:51:25 -------- d-----w- c:\program files\Conduit
2012-05-25 07:50:34 -------- d-----w- c:\program files\BitTorrentBar2
2012-05-25 07:46:55 -------- d-----w- c:\program files\BitTorrent
2012-05-25 06:32:04 -------- d-----w- c:\program files\GameTop.com
2012-05-25 05:01:42 -------- d-----w- c:\program files\GameHitZone.com
2012-05-25 03:49:15 -------- d-----w- c:\program files\Activision
2012-05-25 03:41:37 -------- d-----w- c:\program files\Nowstat.com
2012-05-22 00:37:13 -------- d-----w- c:\program files\Oracle
.
==================== Find3M ====================
.
2012-06-11 00:04:37 1409 ----a-w- c:\windows\QTFont.for
2012-05-04 07:04:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 14:44:13.25 ===============
.
==== Installed Programs ======================
.
7-Zip 9.22beta
8ta connect
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Adobe® CreatePDF Desktop
Anti-phishing Domain Advisor
Ask Toolbar Updater
Auslogics Disk Defrag
Auslogics Registry Cleaner
BitTorrent
BitTorrentBar2 Toolbar
CCleaner
Direct Show Ogg Vorbis Filter (remove only)
DivX Setup
EASEUS Data Recovery Wizard Professional 5.5.1
FlashPlayer Plus 2.6(Trial version)
FLV Player
Free DivX Converter
Freemake Video Converter version 3.0.2
Google Toolbar for Internet Explorer
Google Update Helper
Jar2Exe Wizard
Java Auto Updater
Java 7 Update 4
JavaFX 2.1.0
Kaspersky Anti-Virus 2009
LG ODD Auto Firmware Update
Logitech Gaming Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Nero Suite
NVIDIA Control Panel 301.42
NVIDIA Display Control Panel
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenOffice.org 3.0
PeerBlock 1.1 (r518)
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Sothink FLV Player
Streetsof Rage 3 1.0
SuperCopier2
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
WebFldrs XP
WildTangent Multiplayer Library
WildTangent Updater
WildTangent Web Driver
Windows Essentials Media Codec Pack 4.0 [32-Bit]
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
X-Men 2 Screen Saver
X-Men - The Official Game Demo
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== End Of File ===========================
The following is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:23:27 PM, on 2012/06/17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Guest\Application Data\8ta connect\ouc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\8ta connect\8ta connect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guest\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: BitTorrentBar2 - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitTorrentBar2 Toolbar - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_8ta connect] "C:\Program Files\8ta connect\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-21-1708537768-1336601894-725345543-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1708537768-1336601894-725345543-501\..\Run: [HW_OPENEYE_OUC_8ta connect] "C:\Program Files\8ta connect\UpdateDog\ouc.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
--
End of file - 10050 bytes
This last file is from the unhide log I attempted.
Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does
Program started at: 06/16/2012 07:01:26 AM
Windows Version: Windows XP
Please be patient while your files are made visible again.
Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.
Processing the C:\ drive
Finished processing the C:\ drive. 48737 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
The C:\DOCUME~1\Guest\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: Unhide.exe - A introduction as to what this program does
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Restarting Explorer.exe in order to apply changes.
Program finished at: 06/16/2012 07:01:44 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
I'd appreciate your assistance.
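As an added example (not part of the original post, and not code from HijackThis, DDS or Unhide), the following Python script shows how a helper reading a log like the one above would triage it: it parses HijackThis-style lines into structured entries and flags the ones worth checking first, namely registrations whose target file is missing, services with no recorded publisher, Run entries with a bare executable name that Windows resolves through PATH, AppInit_DLLs loaders, and names from a watch-list of bundled toolbars. The sample lines are copied from the log in the post; the watch-list (seeded from the installed-programs list above), the flag names and the helper functions are my own assumptions, not anything the tools themselves output.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed subset of the HijackThis log posted above (copied verbatim, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: BitTorrentBar2 - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Assumed watch-list of bundled toolbar/adware names, seeded from this post's
# installed-programs list. A reader would maintain their own.
PUA_NAMES = ("bittorrentbar", "conduit", "spigot", "babylon", "ask toolbar")

# HijackThis lines start with a section tag (O2, O4, O23, R1, ...) followed by " - ".
LINE_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*\S)\s*$")


@dataclass
class Entry:
    section: str                              # e.g. "O4", "O23"
    body: str                                 # text after the "O4 - " prefix
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Turn the raw log text into Entry objects, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags (assumed names) to one entry and return it."""
    body = entry.body
    lower = body.lower()
    # Registration whose target no longer exists: leftover of a removed program.
    if "(no file)" in lower or "(file missing)" in lower:
        entry.flags.append("ORPHAN")
    # Service with no publisher recorded: verify the binary's origin and signature.
    if entry.section == "O23" and "unknown owner" in lower:
        entry.flags.append("UNKNOWN_OWNER")
    # Run entry whose command is a bare name: Windows resolves it via PATH, so
    # the file actually executed should be located and verified.
    if entry.section == "O4":
        cmd = body.split("]", 1)[-1].strip().strip('"')
        if "\\" not in cmd and "%" not in cmd:
            entry.flags.append("BARE_NAME")
    # AppInit_DLLs are loaded into every process that links user32: verify each DLL's vendor.
    if entry.section == "O20":
        entry.flags.append("APPINIT")
    if any(name in lower for name in PUA_NAMES):
        entry.flags.append("PUA")
    return entry


def summarize(text: str) -> Dict[str, List[str]]:
    """Map each flag to the entry bodies carrying it; unflagged entries are omitted."""
    report: Dict[str, List[str]] = {}
    for e in map(triage, parse_hjt(text)):
        for f in e.flags:
            report.setdefault(f, []).append(e.body)
    return report


if __name__ == "__main__":
    for flag, bodies in summarize(SAMPLE_LOG).items():
        print(f"[{flag}]")
        for b in bodies:
            print("   ", b)
```

The flags are prompts for verification, not verdicts: the Kaspersky AppInit_DLLs entries and the Malwarebytes service in the sample are legitimate, and the script deliberately leaves the MBAMService line unflagged because it has a recorded publisher and a full path. The value of the heuristics is in ordering a long log so a helper spends time on the entries with missing files, unknown publishers and PATH-resolved names first.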