
Can't install/run Malwarebytes after getting Trojan



OK, I have been fighting this thing for a couple of days now, trying to get something working, with almost no success.

I am running WinXP, CA eTrust Antivirus and, for extra protection, I have the AVG free version. I had Malwarebytes installed but it would not run until this morning.

My computer got a Trojan horse Pakes.CKF and the Spyware Protect 2009. At first it was just annoying with the on-top pop-ups for Spyware Protect 2009, and also one for Google Installer that is still popping up. I also cannot boot into Windows every time. Sometimes as soon as I hit OK after entering my password it just stays on the blue screen; other times I see my desktop wallpaper and that is all. When that happens I can run things from Task Manager.

I scanned with both virus scanners, Etrust apparently was not up to date because it did not find anything. AVG found the Trojan but would not clean it. Later on Etrust found and cleaned it once I got it updated. The popups are gone and I am getting a clean scan.

However, I cannot install or run any spyware removal tools. I cannot even go to their websites. I have been able to download them through Download.com, but when trying to go to the websites I get a blank page. I can go to other webpages unless they involve spyware removal.

I already had Malwarebytes installed, but it would not run. One note here is that when I try to run it, the process shows up in Task Manager. Through Download.com I have redownloaded the Malwarebytes installer and it will not do anything. Spybot installed, but will not run. Ad-Aware installed but would not run. This morning I removed Malwarebytes to reinstall it because now I can boot into Windows almost every time, so it's looking better, but Malwarebytes would not install. I also tried HijackThis with the same results: download from Download.com and try to install with no results.

I tried this yesterday and it worked, but today it will not:

CMD /C SC QUERY >C:\MYSERVICES.TXT | NOTEPAD C:\MYSERVICES.TXT

I will post the results from yesterday below.

I have disabled both virus scanners by following these instructions:

"Click on START - RUN and type in SERVICES.MSC and click OK

Then scroll down through the entire list and look for ALL services with the word Etrust and AVG in the list.

Write down on a piece of paper their current STARTUP TYPE setting. ie. AUTO, MANUAL, DISABLED

Then set all of those with the word McAfee in them to DISABLED and reboot your computer and attempt to install MBAM again."

I did the things here http://www.malwarebytes.org/forums/index.php?showtopic=2936

Logs from yesterday - not sure why when I run this today it just brings up a blank txt document.

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Apple Mobile Device
DISPLAY_NAME: Apple Mobile Device
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: avg8wd
DISPLAY_NAME: AVG Free8 WatchDog
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: DAMaint
DISPLAY_NAME: Desktop Authority Maintenance Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: DesktopAuthority
DISPLAY_NAME: Desktop Authority Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: EvtEng
DISPLAY_NAME: Intel® PROSet/Wireless Event Log
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: HidServ
DISPLAY_NAME: HID Input Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: InoRPC
DISPLAY_NAME: eTrust Antivirus RPC Server
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: InoRT
DISPLAY_NAME: eTrust Antivirus Realtime Server
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: InoTask
DISPLAY_NAME: eTrust Antivirus Job Server
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: JavaQuickStarterService
DISPLAY_NAME: Java Quick Starter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Messenger
DISPLAY_NAME: Messenger
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Netlogon
DISPLAY_NAME: Net Logon
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: RegSrvc
DISPLAY_NAME: Intel® PROSet/Wireless Registry Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: S24EventMonitor
DISPLAY_NAME: Intel® PROSet/Wireless Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: SCardSvr
DISPLAY_NAME: Smart Card
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: WLANKEEPER
DISPLAY_NAME: Intel® PROSet/Wireless SSO Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: wltrysvc
DISPLAY_NAME: Dell Wireless WLAN Tray Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
SERVICE_NAME: WudfSvc
DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Thanks

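The `sc query` dump above is the right instinct but it only asks the Service Control Manager, and plain `sc query` lists only running Win32 services (drivers and stopped services need `sc query type= all state= all`). The check a responder actually wants is a differential one: parse what the SCM reports and compare it with the service keys under `HKLM\SYSTEM\CurrentControlSet\Services`; a key with a binary on disk that the SCM never mentions is a candidate for something hiding itself. The script below is an added example, not code from the thread or from Malwarebytes. `SC_SAMPLE` and `REGISTRY_SERVICES` are constructed sample data in the format shown above; the pairing of a `UACd.sys` key with the `UACfuxdqbrp.sys` driver path is an assumption for illustration. On a live machine the registry view can itself be hooked, which is why the offline rescue-CD approach recommended later in the thread is the ground truth.

```python
r"""Differential service enumeration: parse the text `sc query` prints and
compare the names the SCM is willing to report with the service keys
present under HKLM\SYSTEM\CurrentControlSet\Services.

Added example, not from the forum thread. SC_SAMPLE and REGISTRY_SERVICES
are constructed; on a live box the first comes from
`sc query type= all state= all` and the second from
`reg query HKLM\SYSTEM\CurrentControlSet\Services` (or the winreg module).
"""
import re
from dataclasses import dataclass

# Constructed sample in the exact layout sc.exe prints (leading spaces included).
SC_SAMPLE = """\
SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: mbamswissarmy
DISPLAY_NAME: mbamswissarmy
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

# Constructed registry view: service key name -> ImagePath. The UACd.sys entry
# mirrors the service and driver ComboFix later removed; the pairing is assumed.
REGISTRY_SERVICES = {
    "ALG": r"C:\WINDOWS\System32\alg.exe",
    "Browser": r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
    "mbamswissarmy": r"\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys",
    "UACd.sys": r"\SystemRoot\system32\drivers\UACfuxdqbrp.sys",
}


@dataclass(frozen=True)
class ServiceRecord:
    name: str
    display_name: str
    type_code: int  # sc prints hex: 0x10 own process, 0x20 shared, 0x1 kernel driver
    state: str

    @property
    def is_driver(self) -> bool:
        # SERVICE_KERNEL_DRIVER (0x1) | SERVICE_FILE_SYSTEM_DRIVER (0x2)
        return (self.type_code & 0x3) != 0


# One record = the first four lines of each sc block; the rest is ignored.
_RECORD = re.compile(
    r"SERVICE_NAME:[ \t]*(?P<name>.+?)[ \t]*\r?\n"
    r"[ \t]*DISPLAY_NAME:[ \t]*(?P<display>.*?)[ \t]*\r?\n"
    r"[ \t]*TYPE[ \t]*:[ \t]*(?P<type>[0-9a-fA-F]+)[ \t]+.*?\r?\n"
    r"[ \t]*STATE[ \t]*:[ \t]*\d+[ \t]+(?P<state>[A-Z_]+)"
)


def parse_sc_query(text: str) -> list[ServiceRecord]:
    """Parse `sc query` output (with or without its indentation) into records."""
    return [
        ServiceRecord(m["name"], m["display"], int(m["type"], 16), m["state"])
        for m in _RECORD.finditer(text)
    ]


def find_unreported_services(sc_text: str, registry_services: dict[str, str]) -> list[tuple[str, str]]:
    """Registry service keys (name -> ImagePath) that the SCM listing never mentions."""
    reported = {r.name.lower() for r in parse_sc_query(sc_text)}
    return sorted((k, v) for k, v in registry_services.items() if k.lower() not in reported)


if __name__ == "__main__":
    for rec in parse_sc_query(SC_SAMPLE):
        print(f"{rec.name:20} {'driver' if rec.is_driver else 'win32':7} {rec.state}")
    for name, image in find_unreported_services(SC_SAMPLE, REGISTRY_SERVICES):
        print(f"NOT REPORTED BY SCM: {name} -> {image}")
```

Run it as-is to see the constructed case; on a real machine feed it the saved `sc query type= all state= all` output and a registry export, and treat every "NOT REPORTED BY SCM" line as something to verify from the rescue CD rather than from the running system.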

  • Root Admin

Please try to download and run this. Copy and burn to CD from a friend's computer if you need to.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note:

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


While I am waiting on the next response I wanted to try installing other programs. I had no issue installing a DVD Ripper program and MWSnap, a screenshot program. There is something in here keeping it from installing helpful programs. I have personally never seen anything like this.


  • Root Admin

Please download and try running this: randmbam.exe

It will try to create random names and shortcuts for MBAM if you have it installed already. If this does not work, and renaming ComboFix doesn't work in Normal mode or in Safe Mode, then you'll probably need to run this.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from here
  • Place a blank CD in your burner and double-click on the downloaded file.

  • The program will automatically burn the CD for you.

  • Place the burned CD into the affected computer and start the computer from this CD.

  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.

  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post here if you're unable to view the entire screen of Avira.

OK, I still could not run Mbam at first, but was able to rename combofix and it worked. It deleted a bunch of files. After it was done I was able to run mbam. Here is the Mbam log:

Malwarebytes' Anti-Malware 1.34

Database version: 1854

Windows 5.1.2600 Service Pack 3

2009-03-16 11:14:18

mbam-log-2009-03-16 (11-14-18).txt

Scan type: Full Scan (C:\|)

Objects scanned: 202367

Time elapsed: 50 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACivxepatn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClutosupq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrtqsqmtw.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwefqrssj.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwoekwqqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

I ran Mbam again after it found those infections and the second time it found nothing.

The ComboFix log info is below. Hopefully I am all done.

ComboFix 09-03-15.01 - skelley 2009-03-16 10:01:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.622 [GMT -4:00]

Running from: c:\documents and settings\skelley\Desktop\stupid.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\skelley\Application Data\Google\mcscrlp32.dll

c:\windows\f49f4daa.dat

c:\windows\system32\drivers\UACfuxdqbrp.sys

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\lowsec\user.ds.lll

c:\windows\system32\sdra64.exe

c:\windows\system32\uacinit.dll

c:\windows\system32\UACivxepatn.dll

c:\windows\system32\UACltoarlar.log

c:\windows\system32\UAClutosupq.dll

c:\windows\system32\UACrtqsqmtw.dll

c:\windows\system32\UACsjenxdap.log

c:\windows\system32\UACtmiawgfm.log

c:\windows\system32\UACwefqrssj.dll

c:\windows\system32\UACwoekwqqp.dll

c:\windows\system32\UACwxjoepap.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))

.

2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- C:\123456789

2009-03-16 09:40 . 2009-03-16 09:44 <DIR> d-------- C:\renoFix

2009-03-16 09:25 . 2009-03-16 09:25 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\HotSync

2009-03-16 09:24 . 2008-06-04 23:47 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\Intel

2009-03-16 09:24 . 2009-03-16 09:25 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\AVGTOOLBAR

2009-03-16 09:24 . 2009-03-16 09:24 <DIR> d-------- c:\documents and settings\administrator.DOMAIN

2009-03-13 10:49 . 2005-11-21 01:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL

2009-03-13 10:49 . 2005-11-21 01:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS

2009-03-11 10:23 . 2009-03-11 10:23 21,622 --a------ c:\windows\system32\AAWService_2009_03_11_10_23_58.dmp

2009-03-11 00:46 . 2009-03-11 16:40 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-11 00:46 . 2009-03-11 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-10 23:39 . 2009-03-11 15:03 <DIR> d-------- c:\program files\Lavasoft

2009-03-10 23:39 . 2009-03-11 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-03-10 22:52 . 2009-03-10 22:52 <DIR> d-------- C:\31.6.6389

2009-03-10 15:05 . 2009-03-10 15:05 1,152 --a------ c:\windows\system32\windrv.sys

2009-03-10 15:01 . 2009-03-10 15:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PKWARE

2009-03-10 00:02 . 2008-06-04 23:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel

2009-03-10 00:02 . 2009-03-10 00:02 <DIR> d-------- c:\documents and settings\Administrator

2009-03-09 21:46 . 2009-03-11 14:57 <DIR> d-------- c:\program files\Enigma Software Group

2009-03-05 17:53 . 2009-03-16 10:12 <DIR> d-------- c:\program files\DNA

2009-03-05 17:53 . 2009-03-16 10:12 <DIR> d-------- c:\documents and settings\skelley\Application Data\DNA

2009-03-04 09:37 . 2009-03-16 09:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-04 09:37 . 2009-03-04 09:37 <DIR> d-------- c:\documents and settings\skelley\Application Data\Malwarebytes

2009-03-04 09:37 . 2009-03-04 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-04 09:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-04 09:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-02 17:29 . 2009-03-02 17:29 <DIR> d-------- c:\program files\Opera

2009-02-21 03:44 . 2009-02-21 03:45 <DIR> d-------- C:\0bdcdda7fbb2ea5367e69b75

2009-02-21 03:30 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-02-21 03:04 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-21 03:02 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-21 03:01 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-21 03:01 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-21 03:01 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-02-21 03:01 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-21 03:00 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-21 03:00 . 2008-05-01 10:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-02-21 02:59 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-21 02:57 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-21 02:57 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-21 02:40 . 2004-08-04 06:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\scripting

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\en

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\bits

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\l2schemas

2009-02-21 02:19 . 2009-02-21 02:19 <DIR> d-------- c:\windows\ServicePackFiles

2009-02-21 01:49 . 2004-08-03 23:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2009-02-21 01:27 . 2008-10-16 15:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-02-21 01:27 . 2008-10-16 15:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-02-21 01:27 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-02-21 01:27 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2009-02-21 01:27 . 2008-10-16 15:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui

2009-02-21 01:20 . 2009-02-21 02:38 <DIR> d-------- C:\4604f652beba65845e8ead18d6e313

2009-02-17 16:45 . 2009-02-17 16:45 <DIR> d-------- c:\program files\MSECache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-16 13:59 --------- d-----w c:\program files\DesktopAuthority

2009-03-11 19:13 --------- d-----w c:\program files\Google

2009-03-10 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-01 20:37 --------- d-----w c:\documents and settings\skelley\Application Data\Nvu

2009-02-25 20:01 --------- d-----w c:\program files\Paint.NET

2009-02-06 21:18 --------- d-----w c:\documents and settings\skelley\Application Data\FileZilla

2009-02-06 06:49 --------- d-----w c:\program files\FileZilla

2009-02-04 17:26 --------- d-----w c:\program files\IrfanView

2009-02-04 13:55 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-03 19:42 --------- d-----w c:\documents and settings\skelley\Application Data\VSRevoGroup

2009-01-30 16:52 --------- d-----w c:\documents and settings\skelley\Application Data\OpenOffice.org

2009-01-30 16:46 --------- d-----w c:\program files\OpenOffice.org 3

2009-01-30 16:46 --------- d-----w c:\program files\JRE

2009-01-30 16:42 --------- d-----w c:\program files\OpenOffice.org 2.4

2009-01-30 16:16 --------- d-----w c:\documents and settings\skelley\Application Data\CoreFTP

2009-01-30 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP

2009-01-30 16:12 --------- d-----w c:\program files\FileZilla FTP Client

2009-01-30 15:13 --------- d-----w c:\documents and settings\skelley\Application Data\OpenOffice.org2

2009-01-29 22:19 --------- d-----w c:\program files\MSBuild

2009-01-29 22:14 --------- d-----w c:\program files\Reference Assemblies

2009-01-29 19:32 --------- d-----w c:\program files\PhotoScape

2009-01-29 19:29 --------- d-----w c:\documents and settings\skelley\Application Data\gtk-2.0

2009-01-29 19:04 --------- d-----w c:\program files\GIMP-2.0

2009-01-23 20:49 --------- d-----w c:\documents and settings\skelley\Application Data\SecondLife

2009-01-23 16:13 --------- d-----w c:\program files\Support Tools

2009-01-23 16:13 --------- d-----w c:\program files\Nvu

2009-01-23 16:06 --------- d-----w c:\program files\VS Revo Group

2009-01-21 16:26 --------- d-----w c:\documents and settings\skelley\Application Data\ACSTechnologies

2008-12-27 08:03 89,480 ----a-w c:\documents and settings\skelley\Application Data\GDIPFONTCACHEV1.DAT

2008-06-26 18:58 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Google Update"="c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-05 321344]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]

"Desktop Authority GUI"="c:\program files\DesktopAuthority\ragui.exe" [2005-03-24 409600]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2004-02-15 622661]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]

"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PKWARE Certificate Proxy Client"="c:\progra~1\PKWARE\PKZIPW\pkpcsr.exe" [2008-08-04 238928]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\skelley\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-04 09:55 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2000:TCP"= 2000:TCP:DA Remote Management

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 325128]

R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\DesktopAuthority\rainfo.sys [2008-06-04 6400]

R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\DesktopAuthority\ramaint.exe [2008-06-04 49152]

R2 DesktopAuthority;Desktop Authority Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [2008-06-04 1081344]

R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-06-04 2944]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-26 29744]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1576e50c-3ba6-11dd-b848-0015c559bbd9}]

\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe

\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60d8d77-c668-11dd-b95a-0015c559bbd9}]

\Shell\AutoRun\command - E:\setupSNK.exe

.

Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1580436667-1202660629-1282.job

- c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 08:56]

.

- - - - ORPHANS REMOVED - - - -

BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - (no file)

HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe

.

------- Supplementary Scan -------

.

uStart Page = file://rsbc1/intranet/index.htm

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\skelley\Application Data\Mozilla\Firefox\Profiles\hwcek3z2.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-16 10:13:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\windows\system32\scardsvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\system32\SLAgent.exe

.

**************************************************************************

.

Completion time: 2009-03-16 10:16:43 - machine was rebooted [skelley]

ComboFix-quarantined-files.txt 2009-03-16 14:16:40

Pre-Run: 32,336,429,056 bytes free

Post-Run: 32,718,430,208 bytes free


  • Root Admin

Good. Please run the following scanner.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan. When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


Here they are, thanks.

DDS.txt:

DDS (Ver_09-03-16.01) - NTFSx86

Run by skelley at 9:34:02.35 on 2009-03-18

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.532 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\DesktopAuthority\RaMaint.exe

C:\Program Files\DesktopAuthority\DesktopAuthority.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\slagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DesktopAuthority\ragui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe

C:\Documents and Settings\skelley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file://rsbc1/intranet/index.htm

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - No File

BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\skelley\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Desktop Authority GUI] "c:\program files\desktopauthority\ragui.exe"

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

StartupFolder: c:\docume~1\skelley\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.roswellstreet.com/XTSAC.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235193978000

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://remote.roswellstreet.com/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\skelley\applic~1\mozilla\firefox\profiles\hwcek3z2.default\

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\skelley\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-24 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-24 27656]

R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\desktopauthority\rainfo.sys [2008-6-4 6400]

R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\desktopauthority\ramaint.exe [2008-6-4 49152]

R2 DesktopAuthority;Desktop Authority Service;c:\program files\desktopauthority\DesktopAuthority.exe [2008-6-4 1081344]

R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-6-4 2944]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-26 29744]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-4 298264]

=============== Created Last 30 ================

2009-03-16 21:42 113,847 a----r-- c:\windows\system32\drivers\Apfiltr.sys

2009-03-16 21:42 95,511 a----r-- c:\windows\system32\Vxdif.dll

2009-03-16 21:42 <DIR> --d----- c:\program files\Apoint

2009-03-16 15:47 <DIR> --d----- c:\program files\Trend Micro

2009-03-16 09:49 161,792 a------- c:\windows\SWREG.exe

2009-03-16 09:49 98,816 a------- c:\windows\sed.exe

2009-03-16 09:47 <DIR> --d----- C:\123456789

2009-03-16 09:40 <DIR> --d----- C:\renoFix

2009-03-13 10:49 45,056 a------- c:\windows\system32\WNASPI32.DLL

2009-03-13 10:49 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS

2009-03-13 09:20 <DIR> --dshr-- C:\cmdcons

2009-03-13 09:20 <DIR> --d----- c:\windows\setup.pss

2009-03-13 09:20 <DIR> --d----- c:\windows\setupupd

2009-03-11 10:23 21,622 a------- c:\windows\system32\AAWService_2009_03_11_10_23_58.dmp

2009-03-11 00:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-03-11 00:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-03-10 23:39 <DIR> --d----- c:\program files\Lavasoft

2009-03-10 22:52 <DIR> --d----- C:\31.6.6389

2009-03-10 15:05 1,152 a------- c:\windows\system32\windrv.sys

2009-03-09 21:46 <DIR> --d----- c:\program files\Enigma Software Group

2009-03-05 17:53 <DIR> --d----- c:\program files\DNA

2009-03-05 17:53 <DIR> --d----- c:\docume~1\skelley\applic~1\DNA

2009-03-04 09:37 <DIR> --d----- c:\docume~1\skelley\applic~1\Malwarebytes

2009-03-04 09:37 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-04 09:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-04 09:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-04 09:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-02-21 03:44 <DIR> --d----- C:\0bdcdda7fbb2ea5367e69b75

2009-02-21 03:30 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2009-02-21 03:04 333,952 -c------ c:\windows\system32\dllcache\srv.sys

2009-02-21 03:02 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-02-21 03:01 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2009-02-21 03:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

2009-02-21 03:01 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-21 03:01 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-21 03:00 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys

2009-02-21 03:00 331,776 -c------ c:\windows\system32\dllcache\msadce.dll

2009-02-21 02:59 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll

2009-02-21 02:57 272,128 -c------ c:\windows\system32\dllcache\bthport.sys

2009-02-21 02:57 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

2009-02-21 02:40 221,184 a------- c:\windows\system32\wmpns.dll

2009-02-21 02:26 <DIR> --d----- c:\windows\system32\scripting

2009-02-21 02:26 <DIR> --d----- c:\windows\l2schemas

2009-02-21 02:26 <DIR> --d----- c:\windows\system32\en

2009-02-21 02:26 <DIR> --d----- c:\windows\system32\bits

2009-02-21 02:19 <DIR> --d----- c:\windows\ServicePackFiles

2009-02-21 02:15 <DIR> --d----- c:\windows\network diagnostic

2009-02-21 01:49 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys

2009-02-21 01:27 31,768 a------- c:\windows\system32\wucltui.dll.mui

2009-02-21 01:27 18,456 a------- c:\windows\system32\wuaueng.dll.mui

2009-02-21 01:27 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-02-21 01:27 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui

2009-02-21 01:27 23,576 a------- c:\windows\system32\wuapi.dll.mui

2009-02-21 01:20 <DIR> --d----- C:\4604f652beba65845e8ead18d6e313

2009-02-17 16:45 <DIR> --d----- c:\program files\MSECache

==================== Find3M ====================

2009-02-21 02:31 88,579 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-04 09:55 325,128 a------- c:\windows\system32\drivers\avgldx86.sys

2009-02-04 09:55 10,520 a------- c:\windows\system32\avgrsstx.dll

2008-12-27 04:03 89,480 a------- c:\docume~1\skelley\applic~1\GDIPFONTCACHEV1.DAT

2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 9:34:38.94 ===============

Attach.txt

  • Staff

Hi,

Your logs look OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


  • Staff

except my clock is on 24hr not am and pm.

Have you uninstalled Combofix?

If you did and it didn't adjust your clock settings, then, Go to start > run and type: intl.cpl

Hit enter

The Regional Settings properties should open now.

Under the tab Regional options > standards and formats, from the dropdown list, choose your region > click apply and ok.

Glad I could help. :(

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
