
Security Tool, Advanced Virus Protector etc etc



I posted this once but am having to try again. I have a Security Tool issue as well as a few others. This is on a work computer and I'll probably get blamed for it even though it was the shift before me. That's trivial however. In trying to follow people with other problems regarding ST I can't get ComboFix to run. It gives me a "date error 11-17-2009" when I try to run it. Aside from that I disabled Symantec previously.

Task Manager gets grayed out and has a myriad of process after I go to services.msc and enable it. I was wondering if there was any help for this computer at all? I also ran exehelper and lost the first log but I'll post the second log.

This is from HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:25:38 AM, on 11/17/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Compaq\SetRefresh\setrefresh.exe

C:\Program Files\Common Files\Symantec Shared\ccapp.exe

C:\Program Files\Common Files\Symantec Shared\ccapp .exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\smax4 .exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\SYMANT~1\vptray.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\smax4 .exe

C:\PROGRA~1\SYMANT~1\vptray .exe

C:\Program Files\Analog Devices\Core\smax4pnp .exe

C:\Program Files\Analog Devices\SoundMAX\smax4 .exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxtray .exe

C:\WINDOWS\system32\hkcmd .exe

C:\WINDOWS\system32\igfxpers .exe

C:\Program Files\Intel\AMT\atchk.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\WINDOWS\system32\winupdate86.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F14C08.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F17BE2.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1EBD2.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1816F.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f17be2.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1871D.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f17be2 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f14c08 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1ED78.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F187E8.exe

C:\Documents and Settings\OPERA\rundll32.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1ed78.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1816f.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F18DD3.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1871d.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1ed78 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1816f .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1944C.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1871d .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1ebd2 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F193FD.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F19323.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1DE16.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B76A.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B5A5.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B5F3.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B77A.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B7E7.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B7D7.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3C489.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3C516.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f187e8.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1816f.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f18dd3.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f19323.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3C66E.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00FF9ACF.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b76a.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1944c.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f193fd.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b5a5.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1de16.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\WINDOWS\System32\svchost.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1816f .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f187e8 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f18dd3 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b5f3.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b7e7.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b77a.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b5a5 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f19323 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b76a .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1944c .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3c489.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b7d7.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3c516.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3c66e.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f1de16 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f193fd .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b77a .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b7e7 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b5f3 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3c489 .exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3b7d7 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3c66e .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\_a00f3c516 .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\notepad .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

C:\Program Files\Intel\AMT\UNS.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe

C:\DOCUME~1\OPERA\LOCALS~1\Temp\drweb.exe

C:\Program Files\Adobe\acrotray.exe

C:\Program Files\Adobe\acrotray.exe

C:\Program Files\Adobe\acrotray .exe

C:\Program Files\Adobe\acrotray .exe

C:\Program Files\Compaq\SetRefresh\setrefresh.exe

C:\PROGRA~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\drivers\svchost.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\winupdate86.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chwwebapps.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 64.86.17.56 google.ae

O1 - Hosts: 64.86.17.56 google.as

O1 - Hosts: 64.86.17.56 google.at

O1 - Hosts: 64.86.17.56 google.az

O1 - Hosts: 64.86.17.56 google.ba

O1 - Hosts: 64.86.17.56 google.be

O1 - Hosts: 64.86.17.56 google.bg

O1 - Hosts: 64.86.17.56 google.bs

O1 - Hosts: 64.86.17.56 google.ca

O1 - Hosts: 64.86.17.56 google.cd

O1 - Hosts: 64.86.17.56 google.com.gh

O1 - Hosts: 64.86.17.56 google.com.hk

O1 - Hosts: 64.86.17.56 google.com.jm

O1 - Hosts: 64.86.17.56 google.com.mx

O1 - Hosts: 64.86.17.56 google.com.my

O1 - Hosts: 64.86.17.56 google.com.na

O1 - Hosts: 64.86.17.56 google.com.nf

O1 - Hosts: 64.86.17.56 google.com.ng

O1 - Hosts: 64.86.17.56 google.ch

O1 - Hosts: 64.86.17.56 google.com.np

O1 - Hosts: 64.86.17.56 google.com.pr

O1 - Hosts: 64.86.17.56 google.com.qa

O1 - Hosts: 64.86.17.56 google.com.sg

O1 - Hosts: 64.86.17.56 google.com.tj

O1 - Hosts: 64.86.17.56 google.com.tw

O1 - Hosts: 64.86.17.56 google.dj

O1 - Hosts: 64.86.17.56 google.de

O1 - Hosts: 64.86.17.56 google.dk

O1 - Hosts: 64.86.17.56 google.dm

O1 - Hosts: 64.86.17.56 google.ee

O1 - Hosts: 64.86.17.56 google.fi

O1 - Hosts: 64.86.17.56 google.fm

O1 - Hosts: 64.86.17.56 google.fr

O1 - Hosts: 64.86.17.56 google.ge

O1 - Hosts: 64.86.17.56 google.gg

O1 - Hosts: 64.86.17.56 google.gm

O1 - Hosts: 64.86.17.56 google.gr

O1 - Hosts: 64.86.17.56 google.ht

O1 - Hosts: 64.86.17.56 google.ie

O1 - Hosts: 64.86.17.56 google.im

O1 - Hosts: 64.86.17.56 google.in

O1 - Hosts: 64.86.17.56 google.it

O1 - Hosts: 64.86.17.56 google.ki

O1 - Hosts: 64.86.17.56 google.la

O1 - Hosts: 64.86.17.56 google.li

O1 - Hosts: 64.86.17.56 google.lv

O1 - Hosts: 64.86.17.56 google.ma

O1 - Hosts: 64.86.17.56 google.ms

O1 - Hosts: 64.86.17.56 google.mu

O1 - Hosts: 64.86.17.56 google.mw

O1 - Hosts: 64.86.17.56 google.nl

O1 - Hosts: 64.86.17.56 google.no

O1 - Hosts: 64.86.17.56 google.nr

O1 - Hosts: 64.86.17.56 google.nu

O1 - Hosts: 64.86.17.56 google.pl

O1 - Hosts: 64.86.17.56 google.pn

O1 - Hosts: 64.86.17.56 google.pt

O1 - Hosts: 64.86.17.56 google.ro

O1 - Hosts: 64.86.17.56 google.ru

O1 - Hosts: 64.86.17.56 google.rw

O1 - Hosts: 64.86.17.56 google.sc

O1 - Hosts: 64.86.17.56 google.se

O1 - Hosts: 64.86.17.56 google.sh

O1 - Hosts: 64.86.17.56 google.si

O1 - Hosts: 64.86.17.56 google.sm

O1 - Hosts: 64.86.17.56 google.sn

O1 - Hosts: 64.86.17.56 google.st

O1 - Hosts: 64.86.17.56 google.tl

O1 - Hosts: 64.86.17.56 google.tm

O1 - Hosts: 64.86.17.56 google.tt

O1 - Hosts: 64.86.17.56 google.us

O1 - Hosts: 64.86.17.56 google.vu

O1 - Hosts: 64.86.17.56 google.ws

O1 - Hosts: 64.86.17.56 google.co.ck

O1 - Hosts: 64.86.17.56 google.co.id

O1 - Hosts: 64.86.17.56 google.co.il

O1 - Hosts: 64.86.17.56 google.co.in

O1 - Hosts: 64.86.17.56 google.co.jp

O1 - Hosts: 64.86.17.56 google.co.kr

O1 - Hosts: 64.86.17.56 google.co.ls

O1 - Hosts: 64.86.17.56 google.co.ma

O1 - Hosts: 64.86.17.56 google.co.nz

O1 - Hosts: 64.86.17.56 google.co.tz

O1 - Hosts: 64.86.17.56 google.co.ug

O1 - Hosts: 64.86.17.56 google.co.uk

O1 - Hosts: 64.86.17.56 google.co.za

O1 - Hosts: 64.86.17.56 google.co.zm

O1 - Hosts: 64.86.17.56 google.com

O1 - Hosts: 64.86.17.56 google.com.af

O2 - BHO: C:\WINDOWS\system32\r6gjrtbe7.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\r6gjrtbe7.dll

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4 .exe" /tray

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe

O4 - HKLM\..\Run: [ladozahome] Rundll32.exe "gafiseze.dll",s

O4 - HKLM\..\Run: [lotonawup] Rundll32.exe "c:\windows\system32\bogopani.dll",a

O4 - HKLM\..\Run: [deiywmnd] C:\Documents and Settings\OPERA\Local Settings\Application Data\wqronr\ckbisysguard.exe

O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

O4 - HKCU\..\Run: [A00F1A07E2C5.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1A07E2C5.exe

O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd] C:\DOCUME~1\OPERA\LOCALS~1\Temp\wxasc .exe

O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\OPERA\LOCALS~1\Temp\drweb.exe

O4 - HKCU\..\Run: [A00F15186.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F15186.exe

O4 - HKCU\..\Run: [A00F14C08.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F14C08.exe

O4 - HKCU\..\Run: [A00F17BE2.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F17BE2.exe

O4 - HKCU\..\Run: [A00F1EBD2.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1EBD2.exe

O4 - HKCU\..\Run: [A00F1816F.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1816F.exe

O4 - HKCU\..\Run: [A00F1871D.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1871D.exe

O4 - HKCU\..\Run: [A00F1ED78.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1ED78.exe

O4 - HKCU\..\Run: [A00F187E8.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F187E8.exe

O4 - HKCU\..\Run: [A00F18DD3.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F18DD3.exe

O4 - HKCU\..\Run: [A00F1944C.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1944C.exe

O4 - HKCU\..\Run: [A00F193FD.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F193FD.exe

O4 - HKCU\..\Run: [A00F19323.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F19323.exe

O4 - HKCU\..\Run: [A00F1DE16.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1DE16.exe

O4 - HKCU\..\Run: [A00F3B76A.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B76A.exe

O4 - HKCU\..\Run: [A00F3B5A5.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B5A5.exe

O4 - HKCU\..\Run: [A00F3B5F3.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B5F3.exe

O4 - HKCU\..\Run: [A00F3B77A.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B77A.exe

O4 - HKCU\..\Run: [A00F3B7E7.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B7E7.exe

O4 - HKCU\..\Run: [A00F3B7D7.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3B7D7.exe

O4 - HKCU\..\Run: [A00F3C489.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3C489.exe

O4 - HKCU\..\Run: [A00F3C516.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3C516.exe

O4 - HKCU\..\Run: [A00F3C66E.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F3C66E.exe

O4 - HKCU\..\Run: [A00FF9ACF.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00FF9ACF.exe

O4 - HKCU\..\Run: [A00F139C8.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F139C8.exe

O4 - HKCU\..\Run: [A00F16145.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F16145.exe

O4 - HKCU\..\Run: [A00F16443.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F16443.exe

O4 - HKCU\..\Run: [A00F1A311.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1A311.exe

O4 - HKCU\..\Run: [A00F1B774.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B774.exe

O4 - HKCU\..\Run: [A00F1B4F3.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B4F3.exe

O4 - HKCU\..\Run: [A00F1B503.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B503.exe

O4 - HKCU\..\Run: [A00F1B706.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B706.exe

O4 - HKCU\..\Run: [A00F1B735.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B735.exe

O4 - HKCU\..\Run: [A00F1B745.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B745.exe

O4 - HKCU\..\Run: [A00F1B754.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B754.exe

O4 - HKCU\..\Run: [A00F1B793.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B793.exe

O4 - HKCU\..\Run: [A00F1B7A2.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1B7A2.exe

O4 - HKCU\..\Run: [A00F1BC56.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1BC56.exe

O4 - HKCU\..\Run: [A00F1BE59.exe] C:\DOCUME~1\OPERA\LOCALS~1\Temp\_A00F1BE59.exe

O4 - HKCU\..\Run: [AsusUpd.exe] AsusUpd.exe

O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKCU\..\Run: [deiywmnd] C:\Documents and Settings\OPERA\Local Settings\Application Data\wqronr\ckbisysguard.exe

O4 - HKUS\S-1-5-19\..\Run: [ladozahome] Rundll32.exe "gafiseze.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ladozahome] Rundll32.exe "gafiseze.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\OPERA\Application Data\AntiVirus Plus\AntiVirus Plus.70367201.dll", start 70367201 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\OPERA\Application Data\AntiVirus Plus\AntiVirus Plus.70367201.dll", start 70367201 (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll

O15 - Trusted Zone: http://www.chwwebapps.com

O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} (OperaPrintControl Object) - http://10.38.250.20:4400/installOperaPrintCtrl.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194964186671

O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) -

O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} (RegTerminalSrv Object) - http://10.38.250.20:4400/installregterm.exe

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://microsinc.webex.com/client/T26L/support/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFADC5A-81D8-40E0-B713-DE6D17587012}: Domain = amer.carlson.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFADC5A-81D8-40E0-B713-DE6D17587012}: NameServer = 77.74.48.113

O17 - HKLM\System\CS1\Services\Tcpip\..\{7DFADC5A-81D8-40E0-B713-DE6D17587012}: Domain = amer.carlson.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{7DFADC5A-81D8-40E0-B713-DE6D17587012}: NameServer = 77.74.48.113

O17 - HKLM\System\CS2\Services\Tcpip\..\{7DFADC5A-81D8-40E0-B713-DE6D17587012}: Domain = amer.carlson.com

O17 - HKLM\System\CS2\Services\Tcpip\..\{7DFADC5A-81D8-40E0-B713-DE6D17587012}: NameServer = 77.74.48.113

O18 - Filter hijack: text/html - {72079ea8-5e0c-4fcf-a22d-c1aeb827beb3} - C:\WINDOWS\batmeter16.dll

O20 - AppInit_DLLs: c:\windows\system32\bogopani.dll,vanumege.dll

O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

O20 - Winlogon Notify: __c007AC08 - C:\WINDOWS\system32\__c007AC08.dat

O21 - SSODL: vurezomim - {21f46e38-aa2d-45c2-be75-a3c3ceb114aa} - c:\windows\system32\bogopani.dll

O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\r6gjrtbe7.dll

O22 - SharedTaskScheduler: kupuhivus - {21f46e38-aa2d-45c2-be75-a3c3ceb114aa} - c:\windows\system32\bogopani.dll

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--

End of file - 22797 bytes

exehelper log

exeHelper by Raktor

Build 20091021

Run at 03:38:28 on 11/17/09

Now searching...

Checking for numerical processes...

Killed numerical process 97752030

Deleting file C:\Documents and Settings\All Users\Application Data\97752030\97752030.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\97752030

Killed numerical process 34270521

Deleting file C:\Documents and Settings\All Users\Application Data\34270521\34270521.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34270521

Killed numerical process 51052013

Deleting file C:\Documents and Settings\All Users\Application Data\51052013\51052013.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\51052013

Killed numerical process 25777432

Deleting file C:\Documents and Settings\All Users\Application Data\25777432\25777432.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\25777432

Killed numerical process 26588635

Deleting file C:\Documents and Settings\All Users\Application Data\26588635\26588635.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\26588635

Killed numerical process 34270521

Killed numerical process 51052013

Killed numerical process 97752030

Killed numerical process 25777432

Killed numerical process 44567834

Deleting file C:\Documents and Settings\All Users\Application Data\44567834\44567834.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44567834

Killed numerical process 79935134

Deleting file C:\Documents and Settings\All Users\Application Data\79935134\79935134.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\79935134

Killed numerical process 34270521

Killed numerical process 97752030

Killed numerical process 51052013

Killed numerical process 25777432

Killed numerical process 26588635

Killed numerical process 44567834

Killed numerical process 79935134

Killed numerical process 97752030

Killed numerical process 34270521

Killed numerical process 51052013

Killed numerical process 25777432

Killed numerical process 26588635

Killed numerical process 26588635

Killed numerical process 69895643

Deleting file C:\Documents and Settings\All Users\Application Data\69895643\69895643.exe

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\69895643

Checking for bad processes...

Checking for bad files...

Deleting file C:\WINDOWS\system32\41.exe

Deleting file C:\WINDOWS\system32\critical_warning.html

Deleting file C:\WINDOWS\system32\calc.dll

Error deleting C:\WINDOWS\system32\calc.dll

Deleting file C:\Documents and Settings\OPERA\ntuser.dll

Deleting file C:\Documents and Settings\OPERA\Start Menu\Programs\Startup\scandisk.dll

Deleting file C:\Documents and Settings\OPERA\Start Menu\Programs\Startup\scandisk.lnk

Error deleting C:\Documents and Settings\OPERA\Start Menu\Programs\Startup\scandisk.lnk

Checking for bad registry entries...

Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced Virus Remover

Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

exeHelper by Raktor

Build 20091021

Run at 03:46:31 on 11/17/09

Now searching...

Checking for numerical processes...

Killed numerical process 44567834

Killed numerical process 44567834

Killed numerical process 25777432

Killed numerical process 34270521

Killed numerical process 51052013

Killed numerical process 97752030

Killed numerical process 25777432

Killed numerical process 34270521

Killed numerical process 51052013

Killed numerical process 97752030

Checking for bad processes...

Checking for bad files...

Deleting file C:\WINDOWS\system32\calc.dll

Error deleting C:\WINDOWS\system32\calc.dll

Deleting file C:\Documents and Settings\OPERA\ntuser.dll

Error deleting C:\Documents and Settings\OPERA\ntuser.dll

Deleting file C:\Documents and Settings\OPERA\Start Menu\Programs\Startup\scandisk.dll

Deleting file C:\Documents and Settings\OPERA\Start Menu\Programs\Startup\scandisk.lnk

Checking for bad registry entries...

Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

There are a lot of processes like "wxasc .exe", "notepad .exe", and .exes with numbers and letters.

I sincerely hope that I can get help with this.


Sorry, I forgot to mention: aside from all that you can't System Restore either. Group Policy blocked or some such. Will not start at all. Even going to gpedit.msc you just can't get it to work. The only way I could figure out how to run Task Manager was by going to gpedit.msc. When I tried to run win32kdiag, nothing came up there either. It showed the beginning processes, but nothing would show up in the log at all. I'm really sorry for the trouble.


Success to me! Well, as it seems to be the case that Symantec was pretty much disabling anything, and as much as I tried to fix it, it was hard. I couldn't disable Symantec and I still can't. However, I did stop it from being a program that would auto-run upon boot-up in gpedit. This made it easier to get ComboFix downloaded and run. ComboFix cleaned out some of the files that didn't allow the computer to run MBAM. After getting the fix with ComboFix I ran MBAM and this is what I got as attachments. The first is the quick scan and the second is the full scan.

So while my internet on that computer isn't working, it seems everything else is in order. So this can be locked or deleted to avoid wasting server or forum space.

I do sincerely want to thank chamber and the people he tried to help fixing this similar problem. I wouldn't have been able to get anywhere on trying to fix it without the suggestions. THANKIES!

mbam_log_2009_11_20__02_18_29_.txt

mbam_log_2009_11_20__02_46_17_.txt


Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
