Terrawind

Everything posted by Terrawind

  1. Success to me! Well, as it seems to be the case that Symantec was pretty much disabling anything, and as much as I tried to fix it, it was hard. I couldn't disable Symantec and I still can't. However, I did stop it from being a program that would auto-run upon boot-up in gpedit. This made it easier to get ComboFix downloaded and run. ComboFix cleaned out some of the files that didn't allow the computer to run MBAM. After getting the fix with ComboFix I ran MBAM, and this is what I got as attachments. The first is the quick scan and the second is the full scan. So while my internet on that computer isn't working, it seems everything else is in order. So this can be locked or deleted to avoid wasting server or forum space. I do sincerely want to thank chamber and the people he tried to help in fixing this similar problem. I wouldn't have been able to get anywhere on trying to fix it without the suggestions. THANKIES! mbam_log_2009_11_20__02_18_29_.txt mbam_log_2009_11_20__02_46_17_.txt
  2. Sorry, I forgot to mention: aside from all that, you can't System Restore either. Group Policy blocked or some such. It will not start at all. Even in going to gpedit.msc you just can't get it to work. The only way I could figure out how to run Task Manager was by going to gpedit.msc. When I tried to run win32kdiag, nothing came up there either. It began processing, but nothing would show up in the log at all. I'm really sorry for the trouble.
  3. I posted this once but am having to try again. I have a Security Tools issue as well as a few others. This is on a work computer and I'll probably get blamed for it even though it was the shift before me. That's trivial, however. In trying to follow people with other problems regarding ST, I can't get ComboFix to run. It gives me a "date error 11-17-2009" when I try to run it. Aside from that, I disabled Symantec previously. Task Manager gets grayed out and has a myriad of processes after I go to services.msc and enable it. I was wondering if there was any help for this computer at all? I also ran exeHelper and lost the first log, but I'll post the second log. This is from HijackThis:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:25:38 AM, on 11/17/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16915)
     Boot mode: Normal
     There are a lot of processes like "wxasc .exe", "notepad .exe", and .exes with numbers and letters. I sincerely hope that I can get help with this.