Little help required please


Post by fubar1010 on Sun May 31, 2009 11:53 am

Downloaded a video file and played it through Windows Media Player... WMP downloaded some codec, forgot what it was called, but I removed it from Add/Remove Programs urgently.

Since that happened, when I go on to Google and search for something I get the normal list of links for what I have searched. I then click on the 1st link and it opens up a new window (it used to open in the same window), but the 1st time it goes to some site that is completely different. I could search "arsenal", and when I click that link for [You must be registered and logged in to see this link.] it opens up a new window and goes to YouTube and starts playing Girls Aloud "Let Me Think", or it will open up a MySpace page (Gunsmoke). So firstly it's opening up in a new window, leaving the 1st window with the searched items there, ODD... and 2ndly it's opening up random other sites. Strange...

I came to a site that said to download MALWAREBYTES, clicked the link for it and got ERROR PAGE CANNOT BE FOUND.
Tried about 10 different links from 10 different places and all the same, no page can be found...
Installed Malwarebytes finally and now it won't open.
Installing Spybot Search and Destroy from disc and from the internet... crashes the laptop, gives the blue memory dump screen.
Went on the Microsoft website, tried to download the Malicious Software Removal Tool, all I got was page cannot be found.
I try to install AVG, all I get is an error at the end.
Try to open Kaspersky links to download or install, all I get is page not found.
Seems anything that will help remove whatever I've got is blocked.

Any help would be appreciated, many thanks in advance.

Any information required, please ask and I will get it for you, thanks.

fubar1010
Intermediate

Posts : 90
Joined : 2009-05-31
Gender : Male
OS : windows vista home premium

Re: Little help required please

Post by Belahzur on Sun May 31, 2009 12:57 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 5:01 pm

Hi, thanks for the quick reply.
I did as you said; the 1st time it crashed me to the blue memory dump screen.
The 2nd time it installed, it's there in Program Files etc.
I double click it but it WON'T open up.


Re: Little help required please

Post by Belahzur on Sun May 31, 2009 5:13 pm

Find Hijack This inside the Trend Micro folder in Program Files.
Right click > Rename.

Rename it to whatever you want; it doesn't matter what it's called.





Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 5:19 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:43, on 31/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\LISA4J~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Trend Micro\HijackThis\eatshit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9c348f584b505) (gupdate1c9c348f584b505) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8355 bytes


Re: Little help required please

Post by Origin on Sun May 31, 2009 5:55 pm


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
    O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209



  • Press "Fix Checked"
  • Close Hijack This.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See [You must be registered and logged in to see this link.] for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
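As an added example (not part of the thread, and not a tool either helper used), the checks Origin applied by eye above can be scripted: parse the HijackThis entries, flag O17 NameServer entries whose resolvers fall outside the resolvers the machine is expected to use, flag orphaned hook entries whose target file is gone, and flag a CLSID that is registered as search hook, BHO and toolbar at once (the TorrentMan pattern). The sample lines are copied from the log posted in this thread; the trusted resolver range 192.0.2.0/24 is a placeholder for whatever resolvers the machine should really be using.

```python
import ipaddress
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AEC3DE6-CA55-4741-9B18-3F7B52AAA50A}: NameServer = 85.255.112.69,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.69,85.255.112.209
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O17, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Registry-style CLSID/GUID in braces, case-insensitive.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Section codes whose entries point at a loadable module (search hooks, BHOs, toolbars, protocol handlers).
HOOK_KINDS = ("R3", "O2", "O3", "O18")


def parse_hjt(text):
    """Return a list of (kind, body) tuples, skipping the log header and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(body):
    """Extract the comma-separated resolver IPs from an O17 'NameServer = a,b' body."""
    _, _, value = body.partition("NameServer =")
    return [ip.strip() for ip in value.split(",") if ip.strip()]


def triage(text, trusted_resolvers):
    """Return (severity, kind, reason, detail) findings for a HijackThis log.

    trusted_resolvers: iterable of network strings (placeholder for the ISP's or
    corporate DNS servers). Any O17 resolver outside them is a probable DNS hijack.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_resolvers]
    findings = []
    kinds_by_clsid = {}
    for kind, body in parse_hjt(text):
        if kind == "O17":
            for ip in nameservers(body):
                addr = ipaddress.ip_address(ip)
                if not any(addr in net for net in trusted):
                    findings.append(("HIGH", kind, f"untrusted resolver {ip}", body))
        elif kind in HOOK_KINDS:
            # Orphaned hooks are harmless on their own but show what was recently removed.
            if body.endswith("(no file)") or body.endswith("(file missing)"):
                findings.append(("LOW", kind, "orphaned entry, target file missing", body))
            m = CLSID_RE.search(body)
            if m:
                kinds_by_clsid.setdefault(m.group(0).lower(), set()).add(kind)
    # One CLSID registered as search hook, BHO and toolbar at once is the bundled-toolbar pattern.
    for clsid, kinds in kinds_by_clsid.items():
        if len(kinds) >= 3:
            findings.append(("MEDIUM", "+".join(sorted(kinds)),
                             f"CLSID registered in {len(kinds)} hook types", clsid))
    return findings


if __name__ == "__main__":
    for sev, kind, reason, detail in triage(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(f"[{sev}] {kind}: {reason}\n    {detail}")
```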

Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 6:20 pm

When I click on that ComboFix link it comes up with Run or Save. I click Save and nothing happens, it just closes the box.
Click Run and it goes as if it's going through, then nothing happens.

I did the other part, fixed the ones with HijackThis.


Re: Little help required please

Post by Origin on Sun May 31, 2009 6:22 pm

OK, please do the following:



  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.




Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 6:24 pm

Same happens with this.


Re: Little help required please

Post by Origin on Sun May 31, 2009 6:28 pm

Alright, let's see if this works; if not, we are going to be doing some things in safe mode.


1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.




Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 6:42 pm

That wouldn't work either, so I'm gonna download Avenger on my PC and send it to the laptop via MSN and do it that way.


AVENGER done, just waiting for the reboot now and will grab the logfile for you.


Last edited by fubar1010 on Sun May 31, 2009 6:58 pm; edited 1 time in total (Reason for editing : save space :p)


Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 7:05 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxccqipppmqfuxhuwiyfnmxwwkybeifmnxm.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.


Re: Little help required please

Post by Belahzur on Sun May 31, 2009 7:21 pm

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
gxvxcserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gxvxccqipppmqfuxhuwiyfnmxwwkybeifmnxm.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.





Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 7:41 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gxvxcserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gxvxccqipppmqfuxhuwiyfnmxwwkybeifmnxm.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Little help required please

Post by Belahzur on Sun May 31, 2009 7:47 pm

Hello.
Try running Combofix now.





Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 8:20 pm

ComboFix 09-05-30.06 - lisa4jock 31/05/2009 21:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1133 [GMT 1:00]
Running from: c:\users\lisa4jock\Desktop\Combo-Fix.exe
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: AVG Firewall 7.5.500 *enabled* {8DECF618-9569-4340-B34A-D78D28969B66}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\gxvxcngpvnpeeqfvcpsbroktnmesthcjqjtfb.dll
c:\windows\system32\gxvxcvuesoqkbleifplwrnqnhoboiwyubcqjb.dll
c:\windows\system32\x64
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 20:13 . 2009-05-31 20:14 -------- d-----w- c:\users\lisa4jock\AppData\Local\temp
2009-05-31 19:46 . 2009-05-31 19:46 24064 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\install.1\avgwlx64.dll
2009-05-31 19:46 . 2009-05-31 19:46 17928 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\install.1\avgclnit.sys
2009-05-31 19:46 . 2009-05-31 19:46 13832 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\install.1\avgcln64.sys
2009-05-31 19:46 . 2009-05-31 19:46 40448 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\install.1\avgwli64.dll
2009-05-31 19:46 . 2009-05-31 19:46 36352 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\install.1\avgsea64.dll
2009-05-31 19:33 . 2009-05-31 19:19 55304 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgwfp.sys
2009-05-31 19:33 . 2009-05-31 19:19 905728 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgctrl.dll
2009-05-31 19:33 . 2009-05-31 19:19 582656 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgcckrn.dll
2009-05-31 19:33 . 2009-05-31 19:19 579072 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe
2009-05-31 19:33 . 2009-05-31 19:19 510976 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avginet.exe
2009-05-31 19:33 . 2009-05-31 19:19 389632 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgvv.exe
2009-05-31 19:33 . 2009-05-31 19:19 131072 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avginet.dll
2009-05-31 19:33 . 2009-05-31 19:19 1282560 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgres.dll
2009-05-31 19:33 . 2009-05-31 19:19 435712 ----a-w- c:\programdata\Grisoft\Avg7Data\avg7upd\backup\avgabout.dll
2009-05-31 19:20 . 2009-05-31 19:30 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\AVG7
2009-05-31 19:20 . 2009-05-31 19:20 9216 ----a-w- c:\windows\system32\avgwlntf.dll
2009-05-31 19:19 . 2009-05-31 19:19 10760 ----a-w- c:\windows\system32\drivers\avgclean.sys
2009-05-31 19:19 . 2009-05-31 19:47 53768 ----a-w- c:\windows\system32\drivers\avgwfp.sys
2009-05-31 19:19 . 2009-05-31 19:19 821856 ----a-w- c:\windows\system32\drivers\avg7core.sys
2009-05-31 19:19 . 2009-05-31 19:19 4224 ----a-w- c:\windows\system32\drivers\avg7rsw.sys
2009-05-31 19:19 . 2009-05-31 19:19 27776 ----a-w- c:\windows\system32\drivers\avg7rsxp.sys
2009-05-31 19:19 . 2009-05-31 19:19 26952 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-31 19:19 . 2009-05-31 20:03 -------- d-----w- c:\programdata\avg7
2009-05-31 19:19 . 2009-05-31 19:19 -------- d-----w- c:\programdata\Grisoft
2009-05-31 16:53 . 2009-05-31 16:53 -------- d-----w- c:\program files\Trend Micro
2009-05-31 10:46 . 2009-05-31 10:46 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\Lavasoft
2009-05-31 10:46 . 2009-05-31 10:46 -------- d-----w- c:\program files\Lavasoft
2009-05-31 10:42 . 2003-10-15 22:42 150528 ----a-w- c:\windows\unSpySweeper.exe
2009-05-31 10:42 . 2009-05-31 10:42 -------- d-----w- c:\program files\Webroot
2009-05-31 10:39 . 2009-05-31 10:39 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-31 10:34 . 2009-05-31 10:35 -------- d-----w- c:\program files\SpywareBlaster
2009-05-31 10:19 . 2009-05-31 10:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-28 23:57 . 2009-05-28 23:57 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-05-28 23:49 . 2009-05-28 23:49 -------- d-----w- c:\program files\AVG
2009-05-28 23:32 . 2009-05-28 23:32 -------- d-----w- c:\programdata\NortonInstaller
2009-05-22 16:59 . 2008-04-12 03:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-22 16:59 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-22 16:59 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-05-22 16:59 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-05-21 19:27 . 2009-05-21 19:27 -------- d-----w- C:\PerfLogs
2009-05-13 23:40 . 2009-05-13 23:40 -------- d-----w- c:\users\lisa4jock\AppData\Local\Activision
2009-05-13 23:35 . 2009-05-13 23:51 -------- d-----w- C:\cod waw
2009-05-13 23:33 . 2009-05-13 23:33 -------- d-----w- c:\program files\MagicISO
2009-05-13 20:30 . 2009-05-13 20:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-03 14:54 . 2009-05-28 11:11 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 18:08 . 2009-04-19 20:16 -------- d-----w- c:\program files\TorrentMan
2009-05-31 11:17 . 2009-04-19 20:48 -------- d-----w- c:\program files\BearShare
2009-05-31 10:32 . 2009-04-19 17:52 -------- d-----w- c:\program files\Yahoo!
2009-05-27 12:30 . 2009-05-27 12:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-21 19:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-21 19:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-21 19:05 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-21 19:05 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-13 02:05 . 2007-07-26 03:06 -------- d-----w- c:\programdata\Microsoft Help
2009-04-30 15:28 . 2009-04-30 15:28 -------- d-----w- c:\program files\DFX
2009-04-30 13:29 . 2009-04-30 13:29 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-04-30 13:20 . 2009-04-30 13:20 -------- d-----w- c:\programdata\DFX
2009-04-30 13:20 . 2009-04-30 13:20 -------- d-----w- c:\program files\Common Files\DFX
2009-04-25 22:13 . 2009-04-25 22:13 782664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-22 12:51 . 2009-04-22 12:50 -------- d-----w- c:\program files\Google
2009-04-22 12:50 . 2009-04-22 12:50 -------- d-----w- c:\program files\DivX
2009-04-22 12:50 . 2009-04-22 12:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-22 12:31 . 2009-04-22 11:45 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\vlc
2009-04-22 11:44 . 2009-04-22 11:44 -------- d-----w- c:\program files\VideoLAN
2009-04-22 08:56 . 2009-04-22 08:56 269312 ----a-w- c:\windows\system32\es.dll
2009-04-22 08:52 . 2007-07-26 03:10 -------- d-----w- c:\program files\Microsoft Works
2009-04-20 20:41 . 2009-04-20 20:41 1915520 ----a-w- c:\users\lisa4jock\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-20 11:02 . 2009-04-20 11:02 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-04-20 11:02 . 2009-04-20 11:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-04-20 11:02 . 2009-04-20 11:02 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-04-20 11:02 . 2009-04-20 11:02 272896 ----a-w- c:\windows\system32\polstore.dll
2009-04-20 10:59 . 2009-04-20 10:59 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-20 10:59 . 2009-04-20 10:59 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-04-20 10:59 . 2009-04-20 10:59 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-04-20 10:51 . 2009-04-20 10:51 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-04-20 10:50 . 2009-04-20 10:50 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-04-20 10:47 . 2009-04-20 10:47 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-20 10:46 . 2009-04-20 10:46 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-04-20 10:46 . 2009-04-20 10:46 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-04-20 10:43 . 2009-04-20 10:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-04-20 10:43 . 2009-04-20 10:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-20 10:43 . 2009-04-20 10:43 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-04-20 10:41 . 2009-04-20 10:41 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-04-20 10:40 . 2009-04-20 10:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-04-20 10:40 . 2009-04-20 10:40 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-04-20 02:29 . 2009-04-20 02:29 3 ----a-w- c:\windows\AFirst.cmd
2009-04-20 02:04 . 2009-04-20 02:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-04-20 02:02 . 2009-04-20 02:02 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-20 02:02 . 2009-04-20 02:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-20 02:00 . 2009-04-20 02:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-20 02:00 . 2009-04-20 02:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-04-20 02:00 . 2009-04-20 02:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-04-20 01:53 . 2009-04-20 01:53 2927104 ----a-w- c:\windows\explorer.exe
2009-04-20 01:45 . 2009-04-20 01:45 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2009-04-20 01:41 . 2009-04-20 01:41 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-04-20 01:41 . 2009-04-20 01:41 988216 ----a-w- c:\windows\system32\winload.exe
2009-04-20 01:41 . 2009-04-20 01:41 927288 ----a-w- c:\windows\system32\winresume.exe
2009-04-20 01:41 . 2009-04-20 01:41 40960 ----a-w- c:\windows\system32\srclient.dll
2009-04-20 01:41 . 2009-04-20 01:41 378368 ----a-w- c:\windows\system32\srcore.dll
2009-04-20 01:41 . 2009-04-20 01:41 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-04-20 01:41 . 2009-04-20 01:41 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-04-20 01:41 . 2009-04-20 01:41 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-04-20 01:41 . 2009-04-20 01:41 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-04-20 01:41 . 2009-04-20 01:41 615992 ----a-w- c:\windows\system32\ci.dll
2009-04-20 01:35 . 2009-04-20 01:35 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-04-20 01:35 . 2009-04-20 01:35 9728 ----a-w- c:\windows\system32\lsass.exe
2009-04-20 01:35 . 2009-04-20 01:35 72704 ----a-w- c:\windows\system32\secur32.dll
2009-04-20 01:35 . 2009-04-20 01:35 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-04-20 01:35 . 2009-04-20 01:35 24064 ----a-w- c:\windows\system32\amxread.dll
2009-04-20 01:35 . 2009-04-20 01:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-04-20 01:33 . 2009-04-20 01:33 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-20 01:33 . 2009-04-20 01:33 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-04-20 01:33 . 2009-04-20 01:33 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-04-20 01:30 . 2009-04-20 01:30 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-04-20 01:30 . 2009-04-20 01:30 37888 ----a-w- c:\windows\system32\printcom.dll
2009-04-20 01:29 . 2009-04-20 01:29 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-20 01:29 . 2009-04-20 01:29 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-04-20 01:26 . 2009-04-20 01:26 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-20 01:23 . 2009-04-20 01:23 268288 ----a-w- c:\windows\system32\schannel.dll
2009-04-20 01:19 . 2009-04-20 01:19 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-04-20 01:19 . 2009-04-20 01:19 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-04-20 01:19 . 2009-04-20 01:19 11264 ----a-w- c:\windows\system32\icardres.dll
2009-04-20 01:19 . 2009-04-20 01:19 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-20 01:19 . 2009-04-20 01:19 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-04-20 01:19 . 2009-04-20 01:19 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-04-20 01:19 . 2009-04-20 01:19 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-04-20 00:59 . 2009-04-20 00:59 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-04-20 00:59 . 2009-04-20 00:59 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-04-20 00:59 . 2009-04-20 00:59 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-04-20 00:59 . 2009-04-20 00:59 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-04-20 00:59 . 2009-04-20 00:59 83968 ----a-w- c:\windows\system32\mscories.dll
2009-04-20 00:28 . 2009-04-20 00:28 2868736 ----a-w- c:\windows\system32\mf.dll
2009-04-20 00:28 . 2009-04-20 00:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-04-20 00:28 . 2009-04-20 00:28 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-20 00:28 . 2009-04-20 00:28 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-04-20 00:28 . 2009-04-20 00:28 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-20 00:28 . 2009-04-20 00:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-04-20 00:28 . 2009-04-20 00:28 94720 ----a-w- c:\windows\system32\logagent.exe
2009-04-20 00:25 . 2009-04-20 00:25 84480 ----a-w- c:\windows\system32\INETRES.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 8:20 pm

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-02-25 665088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-05-31 590848]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-05-31 219136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2009-05-31 19:20 9216 ----a-w- c:\windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B865A331-0198-4E67-8AB0-0829040F707B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFF9EBCC-F1FB-45DC-A85F-F986FB6DFA59}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{25F9255C-1FAF-4FA3-AC26-B879D92A7D65}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{53034FAF-AAE8-4C56-8FF6-E69489D0F6D0}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{32FA88CD-192C-4F63-987C-0D79E983CABF}"= UDP:6348:bearshare
"{CB2013E6-2A20-4A44-9A3C-7FCDE8A34ED2}"= UDP:c:\program files\BearShare\BearShare.exe:BearShare
"{E246F5EF-E3E1-4611-A971-8186B8B4F637}"= TCP:c:\program files\BearShare\BearShare.exe:BearShare
"{4CD597D5-5A45-4277-9877-B0316A6EA517}"= UDP:c:\users\lisa4jock\AppData\Local\Temp\7zSA06C.tmp\SymNRT.exe:Norton Removal Tool
"{349838E8-AF51-466D-8EED-A5D624D21C7B}"= TCP:c:\users\lisa4jock\AppData\Local\Temp\7zSA06C.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AVGFw2kv;AVG Firewall Service;c:\progra~1\Grisoft\AVG7\avgfw2kv.exe [31/05/2009 20:19 793600]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\drivers\avgwfp.sys [31/05/2009 20:19 53768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26/07/2007 02:02 179712]
S2 EraserSvc10910;Symantec Eraser Service;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
S2 gupdate1c9c348f584b505;Google Update Service (gupdate1c9c348f584b505);c:\program files\Google\Update\GoogleUpdate.exe [22/04/2009 13:50 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 12:50]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Acer Tour - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-31 21:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\System32\eNetHook.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\System32\eNetHook.dll
.
Completion time: 2009-05-31 21:15
ComboFix-quarantined-files.txt 2009-05-31 20:15

Pre-Run: 22,170,292,224 bytes free
Post-Run: 22,429,052,928 bytes free

283 --- E O F --- 2009-05-31 18:54

Re: Little help required please

Post by Belahzur on Sun May 31, 2009 8:27 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • BearShare
  • BitLord
  • TorrentMan
  • TorrentMan Toolbar

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
EraserSvc10910

Folder::
c:\program files\TorrentMan
c:\program files\BearShare
c:\program files\bitlord

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{25F9255C-1FAF-4FA3-AC26-B879D92A7D65}c:\\program files\\bitlord\\bitlord.exe"=-
"UDP Query User{53034FAF-AAE8-4C56-8FF6-E69489D0F6D0}c:\\program files\\bitlord\\bitlord.exe"=-
"{32FA88CD-192C-4F63-987C-0D79E983CABF}"=-
"{CB2013E6-2A20-4A44-9A3C-7FCDE8A34ED2}"=-
"{E246F5EF-E3E1-4611-A971-8186B8B4F637}"=-
"{4CD597D5-5A45-4277-9877-B0316A6EA517}"=-
"{349838E8-AF51-466D-8EED-A5D624D21C7B}"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


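Added example, not part of this thread and not code from ComboFix or its author: a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one fubar1010 posted above and flags the items a malware-removal helper reads first: Windows Firewall switched off per profile, Security Center notification and monitoring flags set to 1, an AppInit_DLLs entry (a DLL injected into nearly every process, which is how eNetHook.dll ends up inside winlogon.exe and lsass.exe in the log), and firewall allow rules for executables in temp directories or for P2P clients. The sample input is constructed from excerpts of that log; the P2P watchlist (the programs Belahzur asks to remove) and the function names `parse_reg_sections`, `dword` and `triage` are my own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix-style log.
Added example, not part of this thread or of ComboFix."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B865A331-0198-4E67-8AB0-0829040F707B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{32FA88CD-192C-4F63-987C-0D79E983CABF}"= UDP:6348:bearshare
"{4CD597D5-5A45-4277-9877-B0316A6EA517}"= UDP:c:\users\lisa4jock\AppData\Local\Temp\7zSA06C.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# Watchlist constructed from the programs the helper asks to remove in this thread.
P2P_WATCHLIST = {"bearshare", "bitlord"}
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"=value' lines under the [key] heading that precedes them."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def dword(value: str) -> Optional[int]:
    """Read 'dword:00000001' or the ComboFix '0 (0x0)' form; None for anything else."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", value)
    return int(m.group(1)) if m else None


def triage(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """Return sorted, human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    for key, values in sections.items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "firewallpolicy" in k and k.endswith("profile"):
            # EnableFirewall=0 means the Windows Firewall is off for that profile.
            if dword(values.get("EnableFirewall", "")) == 0:
                findings.append(f"firewall: Windows Firewall disabled in {leaf}")
        elif "security center" in k:
            # *DisableNotify / DisableMonitoring = 1 silence the Security Center warnings.
            for name, value in values.items():
                if (name.endswith("DisableNotify") or name == "DisableMonitoring") and dword(value):
                    findings.append(f"security-center: {name}=1 under {leaf}")
        elif k.endswith(r"windows nt\currentversion\windows"):
            # AppInit_DLLs is loaded by user32.dll into nearly every process: review the DLL.
            dll = values.get("AppInit_DLLs", "").strip()
            if dll:
                findings.append(f"appinit: AppInit_DLLs loads {dll} into every user32 process")
        elif k.endswith("firewallrules"):
            # Rule values look like PROTO:<path or port>:<display name>.
            for value in values.values():
                proto, _, rest = value.partition(":")
                target, _, name = rest.rpartition(":")
                if "\\temp\\" in target.lower():
                    findings.append(f"firewall-rule: {proto} allow for executable in a temp dir: {target}")
                if name.lower() in P2P_WATCHLIST:
                    findings.append(f"firewall-rule: {proto} allow for P2P client '{name}' ({target})")
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(parse_reg_sections(SAMPLE_LOG)):
        print(finding)
```

Run as a script it prints ten findings for the sample: three disabled firewall profiles, four Security Center flags, the AppInit_DLLs entry, and two firewall rules (the BearShare port rule and the SymNRT.exe allow rule living under a Temp directory). The AppInit finding is deliberately worded as "review", not "malware": in this thread eNetHook.dll belongs to the Acer Empowering Technology suite, and the script only points at what to check.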
Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 8:54 pm

ComboFix 09-05-30.06 - lisa4jock 31/05/2009 21:41.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1148 [GMT 1:00]
Running from: c:\users\lisa4jock\Desktop\Combo-Fix.exe
Command switches used :: c:\users\lisa4jock\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BearShare
c:\program files\BearShare\BearShare.dat
c:\program files\BearShare\db\config.bin
c:\program files\BearShare\db\gwebcache.dat
c:\program files\BearShare\db\Hostiles-Chat.txt
c:\program files\BearShare\db\Hostiles.txt
c:\program files\BearShare\db\library.2.db
c:\program files\BearShare\db\library.2.db.lastgoodload.bak
c:\program files\BearShare\db\library.db
c:\program files\BearShare\db\library.db.lastgoodload.bak
c:\program files\BearShare\db\searches.ini
c:\program files\BearShare\FreePeers.ini
c:\program files\BearShare\Logs\hosts-state.txt
c:\program files\BearShare\Logs\memory.txt
c:\program files\BearShare\Logs\ordinal.txt
c:\program files\BearShare\Logs\streams.txt
c:\program files\BearShare\Temp\TMPBSInstall5.2.5.1.dat
c:\program files\BearShare\Temp\TMPBSInstall5.2.5.1.dat.bak
c:\program files\bitlord
c:\program files\bitlord\Downloads\AlbumArtSmall.jpg
c:\program files\bitlord\Downloads\Angels and Demons (2009) ENGLISH CAM XviD-MAXSPEED\Angels and Demons (2009) ENGLISH CAM XviD-MAXSPEED\Angels and Demons (2009) ENGLISH CAM XviD-MAXSPEED [You must be registered and logged in to see this link.]
c:\program files\bitlord\Downloads\AVG Antivirus+Firewall & Anti-Spyware [AVG Internet Security]\AVG Serial.txt
c:\program files\bitlord\Downloads\AVG Antivirus+Firewall & Anti-Spyware [AVG Internet Security]\avg75f_516a1225.exe
c:\program files\bitlord\Downloads\AVG Antivirus+Firewall & Anti-Spyware [AVG Internet Security]\avgas-setup-7.5.1.43.exe
c:\program files\bitlord\Downloads\AVG Antivirus+Firewall & Anti-Spyware [AVG Internet Security]\Instruction.txt
c:\program files\bitlord\Downloads\AVG Antivirus+Firewall & Anti-Spyware [AVG Internet Security]\SSG keygen.exe
c:\program files\bitlord\Downloads\AVG Internet Security 8.0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69]\avg_iswt_stf_all_8_199a1387.exe
c:\program files\bitlord\Downloads\AVG Internet Security 8.0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69]\Serial.txt
c:\program files\bitlord\Downloads\City.Rats.2009.DVDRip.XviD-GFW.[[You must be registered and logged in to see this link.]
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E01.REAL.PROPER.HDTV.XviD-aAF.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E02.HDTV.XviD-0TV.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E03.HDTV.XviD-NoTV.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E04.HDTV.XviD-0TV.[VTV].avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E05.HDTV.XviD-0TV.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E06.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E07.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E08.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E09.HDTV.XviD-0TV.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E10.HDTV.XviD-0TV.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E11.HDTV.XviD-aAF.avi
c:\program files\bitlord\Downloads\dexter season 3\Dexter.S03E12.HDTV.XviD-aAF.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.105.hdtv.xvid-notv.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.106.hdtv-lol.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.107.hdtv-lol.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.108.hdtv-lol.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.109.hdtv-lol.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.110.hdtv-lol.avi
c:\program files\bitlord\Downloads\Dexter.S01\Dexter.111.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\Dexter.S01\dexter.112.hdtv-lol.avi
c:\program files\bitlord\Downloads\Dexter.S01\ehthumbs_vista.db
c:\program files\bitlord\Downloads\ehthumbs_vista.db
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E03.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E04.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E05.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E06.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E07.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E08.HDTV.XvID-NoTV.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E09.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E10.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E11.Everybody.Hates.Mr.Levine.HDTV.XviD-FQM.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E12.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E13.HDTV.XviD-NoTV.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E15.HDTV.XviD-NoTV.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E16.Everybody.Hates.Lasagna.HDTV.XviD-FQM.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E17.Everybody.Hates.Spring.Break.HDTV.XviD-FQM.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E18.Everybody.Hates.the.Car.HDTV.XviD-FQM.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E19.Everybody.Hates.Back.Talk.HDTV.XviD-FQM.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E20.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E21.HDTV.XviD-2HD.avi
c:\program files\bitlord\Downloads\everybody hates chris\Everybody.Hates.Chris.S04E22.HDTV.XviD-LOL.avi
c:\program files\bitlord\Downloads\Folder.jpg
c:\program files\bitlord\Downloads\Gnaw.2009.DVDRIP.XviD\Gnaw.2009.DVDRIP.XviD-ZEKTORM.avi
c:\program files\bitlord\Downloads\Laid.To.Rest.2009.DVDRip.XviD\Laid.To.Rest.2009.DVDRip.XviD-MoH.avi
c:\program files\bitlord\Downloads\Lost.S05.A.Journey.In.Time.Recap.Special.HDTV.XviD-2HD.avi
c:\program files\bitlord\Downloads\The Devils Tomb 2009 dvd rip XviD.Rets\The Devils Tomb\The Devils Tomb 2009.avi
c:\program files\bitlord\lang\lang_ar_ae.xml
c:\program files\bitlord\lang\lang_bg_bg.xml
c:\program files\bitlord\lang\lang_ca_es.xml
c:\program files\bitlord\lang\lang_cz_cz.xml
c:\program files\bitlord\lang\lang_da_dk.xml
c:\program files\bitlord\lang\lang_de_de.xml
c:\program files\bitlord\lang\lang_el_gr.xml
c:\program files\bitlord\lang\lang_en_us.xml
c:\program files\bitlord\lang\lang_es_ar.xml
c:\program files\bitlord\lang\lang_es_es.xml
c:\program files\bitlord\lang\lang_et_ee.xml
c:\program files\bitlord\lang\lang_fi_fi.xml
c:\program files\bitlord\lang\lang_fr_fr.xml
c:\program files\bitlord\lang\lang_gl_es.xml
c:\program files\bitlord\lang\lang_he_il.xml
c:\program files\bitlord\lang\lang_hu_hu.xml
c:\program files\bitlord\lang\lang_it_it.xml
c:\program files\bitlord\lang\lang_jp_jp.xml
c:\program files\bitlord\lang\lang_ko_kr.xml
c:\program files\bitlord\lang\lang_nb_no.xml
c:\program files\bitlord\lang\lang_nl_nl.xml
c:\program files\bitlord\lang\lang_pl_pl.xml
c:\program files\bitlord\lang\lang_pt_br.xml
c:\program files\bitlord\lang\lang_pt_pt.xml
c:\program files\bitlord\lang\lang_ro_ro.xml
c:\program files\bitlord\lang\lang_ru_ru.xml
c:\program files\bitlord\lang\lang_sk_sk.xml
c:\program files\bitlord\lang\lang_sl_si.xml
c:\program files\bitlord\lang\lang_sr_sr.xml
c:\program files\bitlord\lang\lang_sv_se.xml
c:\program files\bitlord\lang\lang_th_th.xml
c:\program files\bitlord\lang\lang_tr_tr.xml
c:\program files\bitlord\lang\lang_va_es.xml
c:\program files\bitlord\lang\lang_zh_tw.xml
c:\program files\bitlord\rules\ipfilter.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_EraserSvc10910


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 20:44 . 2009-05-31 20:47 -------- d-----w- c:\users\lisa4jock\AppData\Local\temp
2009-05-31 20:26 . 2009-05-31 20:26 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-31 20:26 . 2009-05-31 20:26 12936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-31 20:26 . 2009-05-31 20:26 90632 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-31 20:26 . 2009-05-31 20:26 98440 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-31 20:26 . 2009-05-31 20:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-31 20:25 . 2009-05-31 20:25 -------- d-----w- c:\windows\LastGood.Tmp
2009-05-31 20:25 . 2009-05-31 20:25 -------- d-----w- c:\programdata\avg8
2009-05-31 19:19 . 2009-05-31 20:26 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-31 16:53 . 2009-05-31 16:53 -------- d-----w- c:\program files\Trend Micro
2009-05-31 10:46 . 2009-05-31 10:46 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\Lavasoft
2009-05-31 10:46 . 2009-05-31 10:46 -------- d-----w- c:\program files\Lavasoft
2009-05-31 10:42 . 2003-10-15 22:42 150528 ----a-w- c:\windows\unSpySweeper.exe
2009-05-31 10:42 . 2009-05-31 10:42 -------- d-----w- c:\program files\Webroot
2009-05-31 10:39 . 2009-05-31 10:39 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-31 10:34 . 2009-05-31 10:35 -------- d-----w- c:\program files\SpywareBlaster
2009-05-31 10:19 . 2009-05-31 10:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-28 23:57 . 2009-05-28 23:57 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-05-28 23:49 . 2009-05-28 23:49 -------- d-----w- c:\program files\AVG
2009-05-28 23:32 . 2009-05-28 23:32 -------- d-----w- c:\programdata\NortonInstaller
2009-05-22 16:59 . 2008-04-12 03:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-22 16:59 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-22 16:59 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-05-22 16:59 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-05-21 19:27 . 2009-05-21 19:27 -------- d-----w- C:\PerfLogs
2009-05-13 23:40 . 2009-05-13 23:40 -------- d-----w- c:\users\lisa4jock\AppData\Local\Activision
2009-05-13 23:35 . 2009-05-13 23:51 -------- d-----w- C:\cod waw
2009-05-13 23:33 . 2009-05-13 23:33 -------- d-----w- c:\program files\MagicISO
2009-05-13 20:30 . 2009-05-13 20:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-03 14:54 . 2009-05-28 11:11 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 8:54 pm

2009-05-31 10:32 . 2009-04-19 17:52 -------- d-----w- c:\program files\Yahoo!
2009-05-27 12:30 . 2009-05-27 12:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-21 19:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-21 19:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-21 19:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-21 19:05 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-21 19:05 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-13 02:05 . 2007-07-26 03:06 -------- d-----w- c:\programdata\Microsoft Help
2009-04-30 15:28 . 2009-04-30 15:28 -------- d-----w- c:\program files\DFX
2009-04-30 13:29 . 2009-04-30 13:29 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-04-30 13:20 . 2009-04-30 13:20 -------- d-----w- c:\programdata\DFX
2009-04-30 13:20 . 2009-04-30 13:20 -------- d-----w- c:\program files\Common Files\DFX
2009-04-25 22:13 . 2009-04-25 22:13 782664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-22 12:51 . 2009-04-22 12:50 -------- d-----w- c:\program files\Google
2009-04-22 12:50 . 2009-04-22 12:50 -------- d-----w- c:\program files\DivX
2009-04-22 12:50 . 2009-04-22 12:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-22 12:31 . 2009-04-22 11:45 -------- d-----w- c:\users\lisa4jock\AppData\Roaming\vlc
2009-04-22 11:44 . 2009-04-22 11:44 -------- d-----w- c:\program files\VideoLAN
2009-04-22 08:56 . 2009-04-22 08:56 269312 ----a-w- c:\windows\system32\es.dll
2009-04-22 08:52 . 2007-07-26 03:10 -------- d-----w- c:\program files\Microsoft Works
2009-04-20 20:41 . 2009-04-20 20:41 1915520 ----a-w- c:\users\lisa4jock\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-20 11:02 . 2009-04-20 11:02 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-04-20 11:02 . 2009-04-20 11:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-04-20 11:02 . 2009-04-20 11:02 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-04-20 11:02 . 2009-04-20 11:02 272896 ----a-w- c:\windows\system32\polstore.dll
2009-04-20 10:59 . 2009-04-20 10:59 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-20 10:59 . 2009-04-20 10:59 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-04-20 10:59 . 2009-04-20 10:59 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-04-20 10:51 . 2009-04-20 10:51 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-04-20 10:50 . 2009-04-20 10:50 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-04-20 10:47 . 2009-04-20 10:47 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-20 10:46 . 2009-04-20 10:46 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-04-20 10:46 . 2009-04-20 10:46 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-04-20 10:43 . 2009-04-20 10:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-04-20 10:43 . 2009-04-20 10:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-20 10:43 . 2009-04-20 10:43 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-04-20 10:41 . 2009-04-20 10:41 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-04-20 10:40 . 2009-04-20 10:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-04-20 10:40 . 2009-04-20 10:40 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-04-20 02:29 . 2009-04-20 02:29 3 ----a-w- c:\windows\AFirst.cmd
2009-04-20 02:04 . 2009-04-20 02:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-04-20 02:02 . 2009-04-20 02:02 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-20 02:02 . 2009-04-20 02:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-20 02:00 . 2009-04-20 02:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-20 02:00 . 2009-04-20 02:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-04-20 02:00 . 2009-04-20 02:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-04-20 01:53 . 2009-04-20 01:53 2927104 ----a-w- c:\windows\explorer.exe
2009-04-20 01:45 . 2009-04-20 01:45 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2009-04-20 01:41 . 2009-04-20 01:41 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-04-20 01:41 . 2009-04-20 01:41 988216 ----a-w- c:\windows\system32\winload.exe
2009-04-20 01:41 . 2009-04-20 01:41 927288 ----a-w- c:\windows\system32\winresume.exe
2009-04-20 01:41 . 2009-04-20 01:41 40960 ----a-w- c:\windows\system32\srclient.dll
2009-04-20 01:41 . 2009-04-20 01:41 378368 ----a-w- c:\windows\system32\srcore.dll
2009-04-20 01:41 . 2009-04-20 01:41 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-04-20 01:41 . 2009-04-20 01:41 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-04-20 01:41 . 2009-04-20 01:41 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-04-20 01:41 . 2009-04-20 01:41 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-04-20 01:41 . 2009-04-20 01:41 615992 ----a-w- c:\windows\system32\ci.dll
2009-04-20 01:35 . 2009-04-20 01:35 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-04-20 01:35 . 2009-04-20 01:35 9728 ----a-w- c:\windows\system32\lsass.exe
2009-04-20 01:35 . 2009-04-20 01:35 72704 ----a-w- c:\windows\system32\secur32.dll
2009-04-20 01:35 . 2009-04-20 01:35 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-04-20 01:35 . 2009-04-20 01:35 24064 ----a-w- c:\windows\system32\amxread.dll
2009-04-20 01:35 . 2009-04-20 01:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-04-20 01:33 . 2009-04-20 01:33 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-20 01:33 . 2009-04-20 01:33 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-04-20 01:33 . 2009-04-20 01:33 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-04-20 01:30 . 2009-04-20 01:30 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-04-20 01:30 . 2009-04-20 01:30 37888 ----a-w- c:\windows\system32\printcom.dll
2009-04-20 01:29 . 2009-04-20 01:29 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-20 01:29 . 2009-04-20 01:29 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-04-20 01:26 . 2009-04-20 01:26 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-20 01:23 . 2009-04-20 01:23 268288 ----a-w- c:\windows\system32\schannel.dll
2009-04-20 01:19 . 2009-04-20 01:19 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-04-20 01:19 . 2009-04-20 01:19 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-04-20 01:19 . 2009-04-20 01:19 11264 ----a-w- c:\windows\system32\icardres.dll
2009-04-20 01:19 . 2009-04-20 01:19 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-20 01:19 . 2009-04-20 01:19 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-04-20 01:19 . 2009-04-20 01:19 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-04-20 01:19 . 2009-04-20 01:19 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-04-20 00:59 . 2009-04-20 00:59 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-04-20 00:59 . 2009-04-20 00:59 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-04-20 00:59 . 2009-04-20 00:59 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-04-20 00:59 . 2009-04-20 00:59 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-04-20 00:59 . 2009-04-20 00:59 83968 ----a-w- c:\windows\system32\mscories.dll
2009-04-20 00:28 . 2009-04-20 00:28 2868736 ----a-w- c:\windows\system32\mf.dll
2009-04-20 00:28 . 2009-04-20 00:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-04-20 00:28 . 2009-04-20 00:28 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-20 00:28 . 2009-04-20 00:28 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-04-20 00:28 . 2009-04-20 00:28 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-20 00:28 . 2009-04-20 00:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-04-20 00:28 . 2009-04-20 00:28 94720 ----a-w- c:\windows\system32\logagent.exe
2009-04-20 00:25 . 2009-04-20 00:25 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-04-20 00:25 . 2009-04-20 00:25 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-04-20 00:24 . 2009-04-20 00:24 1645568 ----a-w- c:\windows\system32\connect.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 20:25 . 2009-05-31 20:25 23832 c:\windows\System32\DriverStore\FileRepository\avgfwfd6.inf_ca037d13\avgfwd6x.sys
- 2009-04-19 17:46 . 2009-05-31 19:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-19 17:46 . 2009-05-31 20:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-19 17:46 . 2009-05-31 19:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-19 17:46 . 2009-05-31 20:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-19 17:46 . 2009-05-31 19:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-19 17:46 . 2009-05-31 20:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-05-31 20:25 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-05-29 00:05 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-05-31 20:25 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-05-29 00:05 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-05-29 00:05 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-05-31 20:25 143360 c:\windows\inf\infstrng.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 8:55 pm

Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-02-25 665088]
"Acer Tour Reminder"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-31 1235736]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B865A331-0198-4E67-8AB0-0829040F707B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFF9EBCC-F1FB-45DC-A85F-F986FB6DFA59}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{68FA17A7-FD22-4046-9662-845DCFC34EDE}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{B8B1F74A-5B40-4021-A031-ADDD0F19B3F4}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2733DF70-8194-4A9C-8109-A0802AC1FADB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0CB2FD28-F1DD-4FCD-B4EF-81BD94E646FA}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [31/05/2009 21:26 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [29/05/2009 00:57 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [31/05/2009 21:26 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [31/05/2009 21:26 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/05/2009 21:26 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/05/2009 21:25 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [31/05/2009 21:26 1212184]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26/07/2007 02:02 179712]
S2 gupdate1c9c348f584b505;Google Update Service (gupdate1c9c348f584b505);c:\program files\Google\Update\GoogleUpdate.exe [22/04/2009 13:50 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGTDIX
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-31 21:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3436)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Launch Manager\LManager.exe
c:\users\LISA4J~1\AppData\Local\temp\RtkBtMnt.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-05-31 21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 20:51
ComboFix2.txt 2009-05-31 20:15

Pre-Run: 23,657,050,112 bytes free
Post-Run: 23,380,676,608 bytes free

424 --- E O F --- 2009-05-31 18:54
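Added example, not part of the log or of anything the helpers posted: the "Reg Loading Points" section above shows Security Center notifications and monitoring switched off (`DisableMonitoring`, `UacDisableNotify`, `AutoUpdateDisableNotify` set to 1) and `EnableFirewall` set to 0 for all three firewall profiles. The script below reads exactly those values on a Vista/7-era machine and flags the ones that match that weakened state. The registry paths are the real ones (the log abbreviates `HKLM\~\services\...`, the full path is `HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy`); the `$Checks` table and function names are this example's own.

```powershell
# Added example: audit the Security Center / Windows Firewall policy values seen in the
# ComboFix log. Run from an elevated PowerShell; read-only, it changes nothing.
# $Checks (which values count as "weak") is this example's own assumption.
$Checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'UacDisableNotify';              Bad = 1; Why = 'UAC change notifications suppressed' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'InternetSettingsDisableNotify'; Bad = 1; Why = 'Internet settings notifications suppressed' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'AutoUpdateDisableNotify';       Bad = 1; Why = 'Automatic Update notifications suppressed' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'; Name = 'DisableMonitoring';             Bad = 1; Why = 'Security Center monitoring turned off' }
)
$FwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($Profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $Checks += @{ Path = "$FwBase\$Profile"; Name = 'EnableFirewall'; Bad = 0; Why = "Windows Firewall disabled for $Profile" }
}

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-SecurityCenterSettings {
    # One row per checked value; Weak is $true when the value matches the weakened state.
    foreach ($c in $Checks) {
        $Value = Get-RegValueOrNull -Path $c.Path -Name $c.Name
        New-Object PSObject -Property @{
            Key    = "$($c.Path)\$($c.Name)"
            Value  = $Value
            Weak   = ($null -ne $Value -and [int]$Value -eq $c.Bad)
            Reason = $c.Why
        }
    }
}

$Result = @(Test-SecurityCenterSettings)
$Result | Format-Table Key, Value, Weak, Reason -AutoSize
$Weak = @($Result | Where-Object { $_.Weak })
if ($Weak.Count -gt 0) {
    Write-Warning "$($Weak.Count) value(s) match the weakened state seen in the log."
    # A third-party suite (AVG 8 with its own firewall here) legitimately sets some of
    # these, so confirm what set them before changing anything.
} else {
    Write-Output 'No weakened Security Center / firewall policy values found.'
}
```

`EnableFirewall = 0` next to an installed AVG8 Firewall service is the expected state when a third-party firewall has registered with Security Center, so a hit on that row is a prompt to confirm which product is filtering, not proof of tampering; the `DisableMonitoring` and `*DisableNotify` values are the ones a user rarely sets by hand.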


Re: Little help required please

Post by Belahzur on Sun May 31, 2009 9:08 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 9:14 pm

Am I doing this and leaving ComboFix to run again?


Re: Little help required please

Post by Belahzur on Sun May 31, 2009 9:36 pm

The /u uninstalls Combofix, it shouldn't need to run again.



Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 9:45 pm

Sorry, haha.
When I was doing that it confused me because it was bringing up a warning message that AVG Internet Security was running etc.

It's uninstalled now. AVG is installed: antivirus/firewall, anti-spam, internet security etc., all up and running smoothly.

All seems back to normal and perfectly fine. Many thanks for the help, guys, you've done a brilliant job, 12 out of 10 :) GREAT ******

One more question though:
Running one of the programs when uninstalling BitLord, I lost my films etc. They have gone, BUT the space on my hard drive is still taken up as if they were there :s


Re: Little help required please

Post by Origin on Sun May 31, 2009 9:49 pm

Hope Belahzur doesn't mind me stepping in.

Glad to hear everything is running well ;)

The reason for that may be that they are still in your Downloads folder, located here:

C:\Documents and Settings\COMPUTERNAME\My Documents\Downloads

Check to see if they are still there so you can delete them.



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. :P

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. :D


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Re: Little help required please

Post by fubar1010 on Sun May 31, 2009 10:00 pm

Nope, can't find them anywhere. A little odd, but I'm sure they will turn up somewhere.

Thanks for the advice. I have successfully installed SpywareBlaster, Spybot Search and Destroy, Ad-Aware and AVG Internet Security 8.0 with firewall etc. etc.

Many thanks to you guys for helping; posted good feedback for you guys.
Don't mean it in a bad way, but hope to not see you guys any time soon ;) haha. Keep up the good work.


Re: Little help required please

Post by fubar1010 on Fri Jun 05, 2009 1:43 pm

Hi, only me again :)
Right, as I have said above, I removed BitLord from the laptop and still cannot find these damn downloads, even though my drive is still as full as it was, so they are obviously somewhere. I even redownloaded BitLord to see if they would magically pop up, but no such luck. Can anyone help me find them please? Would be much appreciated :)


Re: Little help required please

Post by Belahzur on Fri Jun 05, 2009 1:49 pm

Uninstall BitLord again.

If BitLord is anything like uTorrent, the avi/whatever type files may be gone, but even after uninstalling a torrent program, the folder in Application Data gets left behind with the recorded .torrent files in there, and the .torrent files are the same size as the movie.



Re: Little help required please

Post by fubar1010 on Fri Jun 05, 2009 1:51 pm

So where will these files be so I can delete them? Thanks.


Oh, and any chance you could look over my question in Software please? :)


Re: Little help required please

Post by Belahzur on Fri Jun 05, 2009 2:02 pm

Sure, I'll check that now and see if I can do anything. Usually Doc answers posts in the Software/other areas.

If it's anywhere, it should be here.

C:\Documents and Settings\YOUR USERNAME\Application Data\BitLord

You won't be able to see the Application Data folder because it's a hidden system folder, so you'll need to show hidden files. Do you know how to do that?
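Added example, not part of Belahzur's reply: rather than browsing for hidden folders by hand, the script below lists the largest files under the current user's profile, hidden locations such as Application Data included, and groups them by application folder so a leftover download-client directory stands out before anything is deleted. It uses the `%APPDATA%` / `%LOCALAPPDATA%` environment variables so it resolves correctly on Vista (where the profile lives under `C:\Users\<name>` rather than `C:\Documents and Settings`) as well as XP; the 100 MB threshold and the list of roots are this example's own assumptions.

```powershell
# Added example: find large files (hidden ones included) left under the user profile,
# e.g. by an uninstalled torrent client. Read-only; it reports, it does not delete.
# $MinSizeMB and $Roots are this example's own assumptions.
param(
    [int]$MinSizeMB = 100,
    [string[]]$Roots = @($env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads")
)

function Get-LargeFiles {
    param([string[]]$Paths, [int]$MinSizeMB)
    $MinBytes = $MinSizeMB * 1MB
    foreach ($p in $Paths) {
        if (-not $p -or -not (Test-Path -LiteralPath $p)) { continue }
        # -Force includes hidden and system files; locked or access-denied entries are skipped.
        Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Length -ge $MinBytes } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    SizeMB   = [math]::Round($_.Length / 1MB, 1)
                    Hidden   = (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
                    FullName = $_.FullName
                }
            }
    }
}

function Get-AppFolder {
    # First six path components, e.g. C:\Users\name\AppData\Roaming\BitLord,
    # so files are grouped by the application folder that owns them.
    param([string]$Path)
    $parts = $Path -split '\\'
    $last  = [math]::Min(5, $parts.Count - 1)
    return ($parts[0..$last] -join '\')
}

$Files = @(Get-LargeFiles -Paths $Roots -MinSizeMB $MinSizeMB | Sort-Object SizeMB -Descending)
Write-Output "Files of $MinSizeMB MB or more under the profile (hidden ones marked):"
$Files | Format-Table SizeMB, Hidden, FullName -AutoSize

Write-Output 'Space used per application folder (largest first):'
$Files | Group-Object { Get-AppFolder $_.FullName } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Folder  = $_.Name
            Files   = $_.Count
            TotalMB = [math]::Round(($_.Group | Measure-Object SizeMB -Sum).Sum, 1)
        }
    } |
    Sort-Object TotalMB -Descending |
    Select-Object -First 10 |
    Format-Table Folder, Files, TotalMB -AutoSize
```

Run it as the user whose files are missing; once the folder owning the space is identified, it can be inspected and removed through Explorer with hidden files shown, as Belahzur describes.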



Re: Little help required please

Post by fubar1010 on Fri Jun 05, 2009 2:49 pm

Can't even get to the Documents and Settings folder, can't see it anywhere. New to Vista, so I'm lost trying to find it haha.
