cyzpro Posted December 22, 2008 ID:41434 Share Posted December 22, 2008 I downloaded Malwarebytes and update it yesterday. Malwarebytes found a lot of trojans . My pc is acting normal. I can not find the infected files on my pc. My pc is showing hidden files and folders.I attached Malwarebytes log and Panda Activescan log.Somehow this website does not allow me to upload Hijackthis log so I posted belowLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:31:05 AM, on 12/22/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exeC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\COMODO\CBOClean\BOC427.EXEC:\Program Files\IOGEAR\DigitalScribe.exeC:\Program Files\Evernote\Evernote3\EvernoteTray.exeC:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exeC:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\IOGEAR\PegRoute.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Admin\Downloads\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =O1 - Hosts: ::1 localhostO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: JavaActiveScan.txtmbam_log_2008_12_21__22_51_08_.txtActiveScan.txtmbam_log_2008_12_21__22_51_08_.txt Link to post Share on other sites More sharing options...
Tigger93 Posted December 30, 2008 ID:43535 Share Posted December 30, 2008 Hi there. Sorry for the delay. Do you still require assistance? If so, please post a new HJT log and post the active scan and malwarebytes log, do not attach them. Link to post Share on other sites More sharing options...
cyzpro Posted January 1, 2009 Author ID:43950 Share Posted January 1, 2009 Yes, I still need help.************************************Malwarebytes scan log*************************************Malwarebytes' Anti-Malware 1.31Database version: 1580Windows 6.0.6001 Service Pack 112/31/2008 7:22:08 PMmbam-log-2008-12-31 (19-22-03).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 100017Time elapsed: 1 hour(s), 32 minute(s), 34 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 62Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.***************************hijackthis log***********************************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:33:13 PM, on 12/31/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exeC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\COMODO\CBOClean\BOC427.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Mozilla Firefox\firefox.exeD:\Downloads\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exeO4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeO4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -hO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exeO4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silentO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exeO4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dllO9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dllO13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dllO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exeO23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeO23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe--End of file - 6568 bytes******************************Panda Activescan log**********************************;***********************************************************************************************************************************************************************************ANALYSIS: 2008-12-31 20:11:31PROTECTIONS: 1MALWARE: 10SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Windows Defender 1.1.4205.0 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@doubleclick[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[2].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[2].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@fastclick[1].txt00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@mediaplex[2].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ad.yieldmanager[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.yieldmanager[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.yieldmanager[2].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@apmebf[2].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[2].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ads.pointroll[1].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adrevolver[1].txt00431194 Adware/AdsRevenue Adware No 0 Yes No C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KKST6Q9O\mm[1].js;===================================================================================================================================================================================SUSPECTSSent Location 0C5;===================================================================================================================================================================================;===================================================================================================================================================================================VULNERABILITIESId Severity Description 0C5;===================================================================================================================================================================================;=================================================================================================================================================================================== Link to post Share on other sites More sharing options...
Tigger93 Posted January 1, 2009 ID:43951 Share Posted January 1, 2009 Your not removing any of the infections found. You need to allow MBAM to remove them. Please do that and post the log back. Link to post Share on other sites More sharing options...
cyzpro Posted January 2, 2009 Author ID:44130 Share Posted January 2, 2009 I did not let MBAM remove these infected file because I can not located these files in the C drive in the first place, even after I let the pc to show hidden files. MBAM found these infected files after doing heuristic virus detection.Very strange? I scan the pc again. I let MBAM remove the infected files this time, the MBAM ask to restart pc and stated infected file will be deleted on reboot. But MBAM found same files again and the log file stated no action was taken***********************************mbam log below*****************************Malwarebytes' Anti-Malware 1.31Database version: 1590Windows 6.0.6001 Service Pack 11/1/2009 7:03:34 PMmbam-log-2009-01-01 (19-03-19)Scan type: Full Scan (C:\|D:\|)Objects scanned: 101105Time elapsed: 1 hour(s), 34 minute(s), 36 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 62Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.***********************hijackthis log***********************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:24:35 PM, on 1/1/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exeC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\COMODO\CBOClean\BOC427.EXEC:\Program Files\IOGEAR\DigitalScribe.exeC:\Program Files\Evernote\Evernote3\EvernoteTray.exeC:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exeC:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\IOGEAR\PegRoute.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\explorer.exeD:\Downloads\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exeO4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeO4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -hO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exeO4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silentO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exeO4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exeO8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dllO9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dllO13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dllO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exeO23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeO23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe--End of file - 6769 bytes Link to post Share on other sites More sharing options...
cyzpro Posted January 2, 2009 Author ID:44133 Share Posted January 2, 2009 oops, how do I delete my previous post? I post same thing twice. Link to post Share on other sites More sharing options...
Tigger93 Posted January 2, 2009 ID:44141 Share Posted January 2, 2009 I've removed them for you. The files do exist, they are likely being cloaked by a rootkit. Let's check to see if you have one.Download The Avenger by Swandog46 from here.Unzip/extract it to a folder on your desktop.Double click on avenger.exe to run The Avenger.Click OK.Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.Files to delete:C:\WINDOWS\system32\drivers\TDSSmqlt.sys C:\windows\system32\drivers\tdssserv.sysC:\WINDOWS\system32\drivers\TDSSmact.sysC:\WINDOWS\system32\drivers\TDSSrvdc.sys C:\WINDOWS\system32\TDSSwpyd.dat C:\WINDOWS\system32\TDSStkdv.log C:\WINDOWS\system32\TDSSotxb.dll C:\WINDOWS\system32\TDSScrrn.dll C:\WINDOWS\system32\TDSSbvqh.dll C:\WINDOWS\system32\TDSSjnmx.dllc:\windows\system32\TDSShrxr.dllc:\windows\system32\TDSSkkbi.logc:\windows\system32\TDSSlrvd.datc:\windows\system32\TDSSlxwp.dllc:\windows\system32\TDSSnmxh.logc:\windows\system32\TDSSoiqt.dllc:\windows\system32\TDSSrhyp.logc:\windows\system32\TDSSrtqp.dllc:\windows\system32\TDSSsihc.dllc:\windows\system32\TDSSxfum.dllC:\WINDOWS\SYSTEM32\qoMfefde.dll Drivers to delete:tdssserv Registry keys to delete:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sysHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sysHKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssservHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssservHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata HKEY_LOCAL_MACHINE\SOFTWARE\tdss HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERVIn the avenger window, click the Paste Script from Clipboard icon, button. :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.Click the Execute button.You will be asked Are you sure you want to execute the current script?.Click Yes.You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.Click Yes.Your PC will now be rebooted.Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply. Link to post Share on other sites More sharing options...
cyzpro Posted January 2, 2009 Author ID:44248 Share Posted January 2, 2009 Logfile of The Avenger Version 2.0, © by Swandog46http://swandog46.geekstogo.comPlatform: Windows Vista*******************Script file opened successfully.Script file read successfully.Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Rootkit scan active.No rootkits found!Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\windows\system32\drivers\tdssserv.sys" not found!Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" not found!Deletion of file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\TDSStkdv.log" not found!Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSShrxr.dll" not found!Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSkkbi.log" not found!Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSlrvd.dat" not found!Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSlxwp.dll" not found!Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSnmxh.log" not found!Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSoiqt.dll" not found!Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSrhyp.log" not found!Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSrtqp.dll" not found!Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSsihc.dll" not found!Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\TDSSxfum.dll" not found!Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "C:\WINDOWS\SYSTEM32\qoMfefde.dll" not found!Deletion of file "C:\WINDOWS\SYSTEM32\qoMfefde.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!Deletion of driver "tdssserv" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existCompleted script processing.*******************Finished! Terminate. Link to post Share on other sites More sharing options...
cyzpro Posted January 2, 2009 Author ID:44249 Share Posted January 2, 2009 I try to get into Safe Mode to scan hard drive but nothing happens when I press and hold F8 Key. Link to post Share on other sites More sharing options...
Tigger93 Posted January 2, 2009 ID:44255 Share Posted January 2, 2009 Download The Avenger by Swandog46 from here.Unzip/extract it to a folder on your desktop.Double click on avenger.exe to run The Avenger.Click OK.Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.Files to delete:C:\Users\Default\Application Data\Google\kjzna1562565.exeC:\Users\Default\Application Data\Google\spcffwl.dllC:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exeC:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.iniC:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exeC:\Users\Default\Application Data\install.exeC:\Users\Default\Application Data\shellex.dllC:\Users\Default\Application Data\srcss.exeC:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exeC:\Users\Default\Local Settings\Application Data\anesuzenyp.binC:\Users\Default\Local Settings\Application Data\igyzih._syC:\Users\Default\Local Settings\Application Data\naciveg.regC:\Users\Default\Local Settings\Application Data\ubuqicuho.binC:\Users\Default\Local Settings\Application Data\zokawi.libC:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exeC:\Users\Default\Local Settings\Apps\2.0\srw94.exeC:\Users\Default\Cookies\bumo.regC:\Users\Default\Cookies\jababug.infC:\Users\Default\Local Settings\Application Data\ycuc.libC:\Users\Default\Local Settings\Application Data\bokefa.batC:\Users\Default\Local Settings\Application Data\sytetuf.sysC:\Users\Default\Local Settings\Application Data\vege.banC:\Users\Default\Local Settings\Application Data\xyzunore.dlC:\Users\Default\Local Settings\Application Data\zyfotydyjo.exeC:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scrC:\Users\Default\Local Settings\Application Data\anok.batC:\Users\Default\Local Settings\Application Data\ewabutovah.dlC:\Users\Default\Local Settings\Application Data\fibaw.banC:\Users\Default\Local Settings\Application Data\ybikohe.vbsC:\Users\Default\Cookies\uwux.exeC:\Users\Default\Cookies\jiceji._syC:\Users\Default\Cookies\esycire._dlC:\Users\Default\Local Settings\Application Data\igutymyko.banC:\Users\Default\Local Settings\Application Data\ymuxag.comC:\Users\Default\Cookies\syssp.exeC:\Users\Default\Local Settings\Application Data\comrepl.exeC:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exeC:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exeC:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exeC:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exeC:\Users\Default\Cookies\MM2048.DATC:\Users\Default\Cookies\MM256.DATC:\Users\Default\Local Settings\TempImages\IIEPRS.exeC:\Users\Default\Local Settings\TempImages\IIEPR.exeC:\Users\Default\Local Settings\alg.exeC:\Users\Default\Local Settings\Application Data\sec3.exeC:\Users\Default\Local Settings\Application Data\xacsceib.exeC:\Users\Default\Local Settings\Application Data\cftmon.exeC:\Users\Default\Local Settings\Application Data\Windowsupdate.exeC:\Users\Default\Local Settings\Application Data\spool.exeC:\Users\Default\My Documents\My Secret.foldC:\Users\Default\My Documents\My Music\New Song.laguC:\Users\Default\My Documents\My Music\Video.vidzC:\Users\Default\My Documents\My Pictures\aweks.pikzC:\Users\Default\My Documents\My Pictures\seram.pikzC:\Users\Default\My Documents\My Music\My Music.urlC:\Users\Default\My Documents\My Pictures\My Pictures.urlC:\Users\Default\My Documents\My Videos\My Video.urlC:\Users\Default\My Documents\My Documents.urlC:\Users\Default\my documents\work9\bhobj\bhobj.dllC:\Users\Default\Local Settings\Temp\_check32.batIn the avenger window, click the Paste Script from Clipboard icon, button. :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.Click the Execute button.You will be asked Are you sure you want to execute the current script?.Click Yes.You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.Click Yes.Your PC will now be rebooted.Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply. Link to post Share on other sites More sharing options...
cyzpro Posted January 2, 2009 Author ID:44279 Share Posted January 2, 2009 Logfile of The Avenger Version 2.0, © by Swandog46http://swandog46.geekstogo.comPlatform: Windows Vista*******************Script file opened successfully.Script file read successfully.Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Rootkit scan active.No rootkits found!Error: could not open file "C:\Users\Default\Application Data\Google\kjzna1562565.exe"Deletion of file "C:\Users\Default\Application Data\Google\kjzna1562565.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Application Data\Google\spcffwl.dll"Deletion of file "C:\Users\Default\Application Data\Google\spcffwl.dll" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Application Data\install.exe"Deletion of file "C:\Users\Default\Application Data\install.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Application Data\shellex.dll"Deletion of file "C:\Users\Default\Application Data\shellex.dll" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Application Data\srcss.exe"Deletion of file "C:\Users\Default\Application Data\srcss.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin"Deletion of file "C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\igyzih._sy"Deletion of file "C:\Users\Default\Local Settings\Application Data\igyzih._sy" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\naciveg.reg"Deletion of file "C:\Users\Default\Local Settings\Application Data\naciveg.reg" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin"Deletion of file "C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\zokawi.lib"Deletion of file "C:\Users\Default\Local Settings\Application Data\zokawi.lib" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Apps\2.0\srw94.exe"Deletion of file "C:\Users\Default\Local Settings\Apps\2.0\srw94.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\bumo.reg"Deletion of file "C:\Users\Default\Cookies\bumo.reg" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\jababug.inf"Deletion of file "C:\Users\Default\Cookies\jababug.inf" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\ycuc.lib"Deletion of file "C:\Users\Default\Local Settings\Application Data\ycuc.lib" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\bokefa.bat"Deletion of file "C:\Users\Default\Local Settings\Application Data\bokefa.bat" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\sytetuf.sys"Deletion of file "C:\Users\Default\Local Settings\Application Data\sytetuf.sys" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\vege.ban"Deletion of file "C:\Users\Default\Local Settings\Application Data\vege.ban" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\xyzunore.dl"Deletion of file "C:\Users\Default\Local Settings\Application Data\xyzunore.dl" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr"Deletion of file "C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\anok.bat"Deletion of file "C:\Users\Default\Local Settings\Application Data\anok.bat" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\ewabutovah.dl"Deletion of file "C:\Users\Default\Local Settings\Application Data\ewabutovah.dl" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\fibaw.ban"Deletion of file "C:\Users\Default\Local Settings\Application Data\fibaw.ban" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\ybikohe.vbs"Deletion of file "C:\Users\Default\Local Settings\Application Data\ybikohe.vbs" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\uwux.exe"Deletion of file "C:\Users\Default\Cookies\uwux.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\jiceji._sy"Deletion of file "C:\Users\Default\Cookies\jiceji._sy" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\esycire._dl"Deletion of file "C:\Users\Default\Cookies\esycire._dl" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\igutymyko.ban"Deletion of file "C:\Users\Default\Local Settings\Application Data\igutymyko.ban" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\ymuxag.com"Deletion of file "C:\Users\Default\Local Settings\Application Data\ymuxag.com" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\syssp.exe"Deletion of file "C:\Users\Default\Cookies\syssp.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\comrepl.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\comrepl.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\MM2048.DAT"Deletion of file "C:\Users\Default\Cookies\MM2048.DAT" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Cookies\MM256.DAT"Deletion of file "C:\Users\Default\Cookies\MM256.DAT" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\TempImages\IIEPRS.exe"Deletion of file "C:\Users\Default\Local Settings\TempImages\IIEPRS.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\TempImages\IIEPR.exe"Deletion of file "C:\Users\Default\Local Settings\TempImages\IIEPR.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\alg.exe"Deletion of file "C:\Users\Default\Local Settings\alg.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\sec3.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\sec3.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\xacsceib.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\xacsceib.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\cftmon.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\cftmon.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Application Data\spool.exe"Deletion of file "C:\Users\Default\Local Settings\Application Data\spool.exe" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Secret.fold"Deletion of file "C:\Users\Default\My Documents\My Secret.fold" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Music\New Song.lagu"Deletion of file "C:\Users\Default\My Documents\My Music\New Song.lagu" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Music\Video.vidz"Deletion of file "C:\Users\Default\My Documents\My Music\Video.vidz" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Pictures\aweks.pikz"Deletion of file "C:\Users\Default\My Documents\My Pictures\aweks.pikz" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Pictures\seram.pikz"Deletion of file "C:\Users\Default\My Documents\My Pictures\seram.pikz" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Music\My Music.url"Deletion of file "C:\Users\Default\My Documents\My Music\My Music.url" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Pictures\My Pictures.url"Deletion of file "C:\Users\Default\My Documents\My Pictures\My Pictures.url" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Videos\My Video.url"Deletion of file "C:\Users\Default\My Documents\My Videos\My Video.url" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\My Documents\My Documents.url"Deletion of file "C:\Users\Default\My Documents\My Documents.url" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\my documents\work9\bhobj\bhobj.dll"Deletion of file "C:\Users\Default\my documents\work9\bhobj\bhobj.dll" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "C:\Users\Default\Local Settings\Temp\_check32.bat"Deletion of file "C:\Users\Default\Local Settings\Temp\_check32.bat" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existCompleted script processing.*******************Finished! Terminate. Link to post Share on other sites More sharing options...
Tigger93 Posted January 3, 2009 ID:44289 Share Posted January 3, 2009 That's interesting. Could you update Malwarebytes, run another scan and post the log? Link to post Share on other sites More sharing options...
cyzpro Posted January 3, 2009 Author ID:44294 Share Posted January 3, 2009 I don't understand why log file stated "no action taken", I remember log file stated files will be delete on reboot.****************************log file**************************Malwarebytes' Anti-Malware 1.31Database version: 1597Windows 6.0.6001 Service Pack 11/2/2009 7:40:19 PMmbam-log-2009-01-02 (19-39-49).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 101321Time elapsed: 1 hour(s), 33 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 62Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Users\Default\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken. Link to post Share on other sites More sharing options...
Tigger93 Posted January 3, 2009 ID:44296 Share Posted January 3, 2009 None of those files exist. This is likely a bug with Malwarebytes, I will get back to you after contacting a developer. Link to post Share on other sites More sharing options...
Tigger93 Posted January 3, 2009 ID:44298 Share Posted January 3, 2009 Click on the More Tools tab and select Collect Information. It will generate a log file, please post it and also send a message to Rubber Ducky once you have. Link to post Share on other sites More sharing options...
cyzpro Posted January 3, 2009 Author ID:44303 Share Posted January 3, 2009 I force my pc into safe mode by using msconfig, and no infected files was found. My laptop is LG E300. Even though I am in USA I think this laptop has Vista(Canada version) because this laptop was make for Canada market. ***************safe mode log******************Malwarebytes' Anti-Malware 1.31Database version: 1597Windows 6.0.6001 Service Pack 11/2/2009 8:21:00 PMmbam-log-2009-01-02 (20-21-00).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 109848Time elapsed: 13 minute(s), 23 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)****************************collect info**********************************Malwarebytes' Anti-Malware 1.31Database version: 1597Executable location: C:\Program Files\Malwarebytes' Anti-MalwareDatabase location: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.refUsername: AdminWindows folder: C:\WindowsSystem folder: C:\Windows\system32Root drive: C:Program Files: C:\Program FilesCommon Files: C:\Program Files\Common FilesDesktop: C:\Users\Admin\DesktopDesktop: C:\Users\Default\DesktopDesktop: C:\Users\Guest\DesktopDesktop: C:\Users\Public\DesktopStart Menu: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start MenuStart Menu: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start MenuStart Menu: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start MenuStart Menu: C:\ProgramData\Microsoft\Windows\Start MenuUser Root: C:\Users\AdminUser Root: C:\Users\DefaultUser Root: C:\Users\GuestUser Root: C:\Users\PublicFavorite: C:\Users\Admin\FavoritesFavorite: C:\Users\Default\FavoritesFavorite: C:\Users\Guest\FavoritesFavorite: C:\Users\Public\FavoritesApplication Data: C:\Users\Admin\AppData\RoamingApplication Data: C:\Users\Default\AppData\RoamingApplication Data: C:\Users\Guest\AppData\RoamingApplication Data: C:\ProgramDataQuick Launch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick LaunchQuick Launch: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick LaunchQuick Launch: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick LaunchTemporary Folder: C:\Users\Admin\AppData\Local\TempTemporary Folder: C:\Users\Default\AppData\Local\TempTemporary Folder: C:\Users\Guest\AppData\Local\TempTemporary Folder: C:\Windows\Temp Link to post Share on other sites More sharing options...
cyzpro Posted January 6, 2009 Author ID:45372 Share Posted January 6, 2009 ******HJT log in safe mode*****************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:19:25 AM, on 1/6/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: Safe modeRunning processes:C:\Windows\Explorer.EXED:\Downloads\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"O4 - HKLM\..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exeO4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeO4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -hO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exeO4 - HKCU\..\Run: [Digital Scribe] C:\Program Files\IOGEAR\DigitalScribe.exe -silentO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Startup: Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exeO4 - Startup: TK8 EasyNote.lnk = C:\Users\Admin\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exeO8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dllO9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dllO13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dllO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exeO23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeO23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe--End of file - 5756 bytes Link to post Share on other sites More sharing options...
Tigger93 Posted January 6, 2009 ID:45450 Share Posted January 6, 2009 You aren't infected. Please contact via PM Rubber Ducky so we can help get this bug fixed. Link to post Share on other sites More sharing options...
Recommended Posts