Cannot regain administrator rights and cannot view hidden folders

Virus changed administrator Privileges. PLEASE help?

Good Day Guys,

Please assist, I have struggled with this for 4 days now. I finally got TDSSKiller downloaded and ran that, which picked up a backdoor virus as well as a virus that had attached itself to the win32 file. Then I ran Malwarebytes and that picked up 17 issues that I removed. I could not download GMER and this is the best I could do. I now need to find a way, maybe through the registry or whichever way works, to get full control of my administrator rights again. Every important file is still blocking me from accessing it. I also need to find a way to have my My Documents folder reflect again. All the imaging programs I've seen aren't an option as I don't have an external drive and they always require much more space that I don't have. I tried Unhide and it didn't seem to do anything. I also unticked the hide files option in Folder Options. I need something new that has worked for others and that will work for me too. I saw when Malwarebytes was running it read folders in my My Documents folder, so it is still there, I just can't access it or any other hidden folders. I will now attach my DDS reports.


============== Running Processes ===============



============== Pseudo HJT Report ===============


uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = about:blank

mSearchAssistant = hxxp://google.inklineglobal.com

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll

BHO: BitTorrentBar2 Toolbar: {656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files\bittorrentbar2\prxtbBitT.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: BitTorrentBar2 Toolbar: {656461ef-40f6-4115-9ff1-bced9812ccbb} - c:\program files\bittorrentbar2\prxtbBitT.dll


TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [HW_OPENEYE_OUC_8ta connect] "c:\program files\8ta connect\updatedog\ouc.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch


mRun: [Alcmtr] ALCMTR.EXE

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] c:\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

TCP: DhcpNameServer =

TCP: Interfaces\{8B505BB8-E97C-4B36-A478-B9005396356E} : DhcpNameServer =

TCP: Interfaces\{FEBBD233-BA41-4BF9-B781-896D23414B7B} : DhcpNameServer =

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll, c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12


============= SERVICES / DRIVERS ===============



=============== Created Last 30 ================


2012-06-17 11:22:12 -------- d-----w- c:\documents and settings\guest\application data\Malwarebytes

2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW

2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW

2012-06-17 11:20:16 -------- dcs---w- \32788R22FWJFW

2012-06-17 09:37:02 -------- dc----w- C:\Malwarebytes' Anti-Malware

2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware

2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware

2012-06-17 09:37:02 -------- dc----w- \Malwarebytes' Anti-Malware

2012-06-17 05:08:10 -------- dc----w- C:\TDSSKiller_Quarantine

2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine

2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine

2012-06-17 05:08:10 -------- dc----w- \TDSSKiller_Quarantine

2012-06-17 03:41:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-13 12:18:02 -------- d-----w- c:\documents and settings\guest\application data\ExpressFiles

2012-06-13 10:23:55 -------- d-----w- c:\program files\Hetman Software

2012-06-13 08:24:42 -------- d-----w- c:\program files\ARAX Disk Doctor Data Recovery

2012-06-13 08:05:33 -------- d-----w- c:\program files\iDisksoft Studio

2012-06-13 07:04:05 -------- d-----w- c:\program files\EASEUS

2012-06-11 23:01:05 -------- d-----w- c:\program files\Essentials Codec Pack

2012-06-11 01:37:50 -------- d-----w- c:\program files\Appnimi

2012-06-10 22:27:05 -------- d-----w- c:\program files\Freemake

2012-06-10 22:02:28 -------- d-----w- c:\program files\Free DivX Converter

2012-06-05 21:43:07 -------- d-----w- c:\program files\Auslogics

2012-06-05 21:03:45 -------- d-----w- c:\program files\inKline Global

2012-06-05 20:20:04 -------- d-----w- c:\program files\FastNet99 v. 4.3 Upgrade

2012-06-05 19:26:40 -------- d-----w- c:\program files\IObit

2012-06-04 22:17:18 -------- d-----w- c:\program files\PeerBlock

2012-06-04 00:32:28 -------- d-----w- c:\program files\RapidShareManager

2012-06-03 02:32:26 -------- d-----w- c:\program files\ExpressFiles

2012-06-03 01:36:50 -------- d-----w- c:\program files\VideoLAN

2012-06-03 01:36:24 -------- d-----w- c:\program files\Graboid

2012-05-30 19:27:05 -------- d-----w- C:\CDP

2012-05-30 19:27:05 -------- d-----w- \CDP

2012-05-30 19:27:05 -------- d-----w- \CDP

2012-05-30 19:27:05 -------- d-----w- \CDP

2012-05-30 18:59:26 -------- d-----w- c:\windows\SHELLNEW

2012-05-30 18:57:26 -------- d-----r- \MSOCache

2012-05-30 18:57:26 -------- d-----r- \MSOCache

2012-05-30 18:57:26 -------- d-----r- \MSOCache

2012-05-29 18:53:52 -------- d-----w- c:\program files\Application Updater

2012-05-29 18:53:51 -------- d-----w- c:\program files\FLV Toolbar

2012-05-29 18:53:51 -------- d-----w- c:\program files\common files\Spigot

2012-05-28 00:18:47 -------- d-----w- c:\program files\1ClickDownload

2012-05-27 06:05:07 -------- d-----w- c:\program files\YourFileDownloader

2012-05-27 02:14:18 -------- d-----w- c:\program files\AirStrike II Gulf Thunder DEMO

2012-05-26 01:39:25 -------- d-----w- c:\program files\Babylon

2012-05-26 01:15:24 -------- d-----w- c:\program files\NCSoft

2012-05-26 01:12:08 -------- d-----w- c:\program files\Sony Online Entertainment

2012-05-25 07:51:25 -------- d-----w- c:\program files\Conduit

2012-05-25 07:50:34 -------- d-----w- c:\program files\BitTorrentBar2

2012-05-25 07:46:55 -------- d-----w- c:\program files\BitTorrent

2012-05-25 06:32:04 -------- d-----w- c:\program files\GameTop.com

2012-05-25 05:01:42 -------- d-----w- c:\program files\GameHitZone.com

2012-05-25 03:49:15 -------- d-----w- c:\program files\Activision

2012-05-25 03:41:37 -------- d-----w- c:\program files\Nowstat.com

2012-05-22 00:37:13 -------- d-----w- c:\program files\Oracle


==================== Find3M ====================


2012-06-11 00:04:37 1409 ----a-w- c:\windows\QTFont.for

2012-05-04 07:04:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll


============= FINISH: 14:44:13.25 ===============


==== Installed Programs ======================


7-Zip 9.22beta

8ta connect

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2

Adobe® CreatePDF Desktop

Anti-phishing Domain Advisor

Ask Toolbar Updater

Auslogics Disk Defrag

Auslogics Registry Cleaner


BitTorrentBar2 Toolbar


Direct Show Ogg Vorbis Filter (remove only)

DivX Setup

EASEUS Data Recovery Wizard Professional 5.5.1

FlashPlayer Plus 2.6(Trial version)

FLV Player

Free DivX Converter

Freemake Video Converter version 3.0.2

Google Toolbar for Internet Explorer

Google Update Helper

Jar2Exe Wizard

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

Kaspersky Anti-Virus 2009

LG ODD Auto Firmware Update

Logitech Gaming Software

Malwarebytes Anti-Malware version

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.5

Microsoft .NET Framework 4 Client Profile

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Nero Suite

NVIDIA Control Panel 301.42

NVIDIA Display Control Panel

NVIDIA Graphics Driver 301.42

NVIDIA Install Application

NVIDIA nView 136.18


NVIDIA PhysX System Software 9.12.0213

NVIDIA Update 1.7.11

NVIDIA Update Components

OpenOffice.org 3.0

PeerBlock 1.1 (r518)



RealNetworks - Microsoft Visual C++ 2008 Runtime


REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1


Sothink FLV Player

Streetsof Rage 3 1.0


VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.1

WebFldrs XP

WildTangent Multiplayer Library

WildTangent Updater

WildTangent Web Driver

Windows Essentials Media Codec Pack 4.0 [32-Bit]

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows XP Service Pack 3

X-Men 2 Screen Saver

X-Men - The Official Game Demo

XML Paper Specification Shared Components Pack 1.0

Yahoo! Toolbar


==== End Of File ===========================

The following is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:23:27 PM, on 2012/06/17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:



C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe



C:\Documents and Settings\Guest\Application Data\8ta connect\ouc.exe


C:\Program Files\8ta connect\8ta connect.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Guest\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: BitTorrentBar2 - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: BitTorrentBar2 Toolbar - {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files\BitTorrentBar2\prxtbBitT.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_8ta connect] "C:\Program Files\8ta connect\UpdateDog\ouc.exe"

O4 - HKUS\S-1-5-21-1708537768-1336601894-725345543-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1708537768-1336601894-725345543-501\..\Run: [HW_OPENEYE_OUC_8ta connect] "C:\Program Files\8ta connect\UpdateDog\ouc.exe" (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


End of file - 10050 bytes

This last file is from the Unhide log I attempted:

Unhide by Lawrence Abrams (Grinler)

Bleeping Computer - Computer Help and Discussion

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

Unhide.exe - A introduction as to what this program does

Program started at: 06/16/2012 07:01:26 AM

Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive

Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive

Finished processing the C:\ drive. 48737 files processed.

Processing the G:\ drive

Finished processing the G:\ drive. 0 files processed.

The C:\DOCUME~1\Guest\LOCALS~1\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: Unhide.exe - A introduction as to what this program does

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/16/2012 07:01:44 AM

Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

I'd appreciate your assistance.


Hello Lonecrusader and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I would like to see what was found by Malwarebytes' Anti-Malware and TDSSKiller too. For TDSSKiller, a report was created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

For Malwarebytes' Anti-Malware, run it and go to the Logs tab, then double-click on each line to find your log file with the 17 detection entries. Post it in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
