Computer Hope
Software => Computer viruses and spyware => Topic started by: abcdefg... on March 17, 2009, 11:13:52 PM
-
Hey, please help me.
I have a virus on my computer. Everytime i try to open an application/program it comes up with an error message saying:
svchost.exe - Application error
The instruction at "0x75606e6a" referenced memory at "0x00000008". The memory could not be "read". Click on OK to terminate the program.
I am unable to open nearly all of my programs, including Internet explorer, windows media player, system restore, disc defragmentation, etc. Whenever I try to, my CPU usage goes way up to 100% and the error message keeps on coming up until I close the program. The only thing that i can get working is Microsoft Word.
I think I got the virus when I was trying to download a keygen for Eset antivirus. ><"
I have followed the steps outlined and downloaded the necessary software, but SUPER Antispyware.exe refuses to install and the error message pops up, and Malwarebytes' Anti-Malware refuses to respond when i try to open it.
Here is my log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:57 PM, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://memberservices.optuszoo.com.au/login/?target=/myusage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zHideWin] E:\acehide\AceHideFree.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215680164406
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{881FAE1E-A6EE-4364-8E51-5B422AEB9BCD}: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8280 bytes
Can someone please help me?? Thanks heaps in advance.
-
Hey, please help me.
I have a virus on my computer. Everytime i try to open an application/program it comes up with an error message saying:
svchost.exe - Application error
The instruction at "0x75606e6a" referenced memory at "0x00000008". The memory could not be "read". Click on OK to terminate the program.
I am unable to open nearly all of my programs, including Internet explorer, windows media player, system restore, disc defragmentation, etc. Whenever I try to, my CPU usage goes way up to 100% and the error message keeps on coming up until I close the program. The only thing that i can get working is Microsoft Word.
I think I got the virus when I was trying to download a keygen for Eset antivirus. ><"
I have followed the steps outlined and downloaded the necessary software, but SUPER Antispyware.exe refuses to install and the error message pops up, and Malwarebytes' Anti-Malware refuses to respond when i try to open it.
Here is my log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:57 PM, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://memberservices.optuszoo.com.au/login/?target=/myusage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zHideWin] E:\acehide\AceHideFree.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215680164406
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{881FAE1E-A6EE-4364-8E51-5B422AEB9BCD}: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8280 bytes
Can someone please help me?? Thanks heaps in advance.
-
OMG!!! It worked! Thanks a GAAAAZZZIIILLIIOOOONNNNN!!!!
I am now surfing the net on my own comp! whhheehhheeehheee
THANKS! THANKS! THANKS
;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D
-
gonzo98 and mr tee.
We do not just throw tools at problems at Computer Hope so do not have users run tools you are not trained to use. ComboFix can easily do as much damage as it seems to do good and we do not want users coming here and getting dangerous advice.
Have them use tha malware removal guide posted at the top of this forum.
Thank you.
mr tee. You need to chill out. You constant posting and not adding anything useful to help threads is getting old and fast.
-
@ abcdefg...
Please post the ComboFix log. There is a copy of it saved in C:\combofix.txt
-
Evilfantasy:
Here is my ComboFix log:
ComboFix 09-03-15.01 - Winnie 2009-03-18 21:29:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.502 [GMT 11:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\recycler\S-2-0-64-100021194-100031354-100004016-9777.com
c:\windows\system32\drivers\gaopdxucbfamdbwwykssipyvanrdbmprqxnkhb.sys
c:\windows\system32\drivers\gaopdxxfqpxudriyrpuhrmqsntypevrowprwit.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxuyabrfqxotewletxmtjfcuwkienhqvsp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 15:55 . 2009-03-18 15:55 <DIR> d-------- c:\program files\Trend Micro
2009-03-18 15:52 . 2009-03-18 15:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:52 . 2009-03-18 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 15:52 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:52 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 15:39 . 2009-03-18 15:39 <DIR> d-------- c:\program files\CCleaner
2009-03-16 17:07 . 2009-03-16 17:07 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-16 17:07 . 2009-03-16 17:07 <DIR> d-------- c:\program files\AVG
2009-03-16 17:07 . 2009-03-18 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-16 17:07 . 2009-03-16 17:07 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-16 17:07 . 2009-03-16 17:07 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-16 17:07 . 2009-03-16 17:07 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-15 16:31 . 2009-03-15 16:31 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-15 16:27 . 2009-03-15 16:27 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-22 00:11 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-22 00:11 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-22 00:11 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-22 00:11 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 05:00 --------- d-----w c:\program files\Warcraft III
2009-01-15 01:29 1,132 ----a-w c:\documents and settings\Incomplete\downloads.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-16 618496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-12-05 196670]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-15 237568]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-16 1932568]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 503869]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 08:03 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-16 17:07 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-16 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-16 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-16 298264]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wA301b.sys [2008-07-09 33847]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53fa4c74-7501-11dd-8fee-000cf1323ca4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2b17fc-4dad-11dd-8f84-000cf1323ca4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab91bbf-5edb-11dd-8fb7-000cf1323ca4}]
\shelL\aUtopLaY\CoMMaNd - nubq.cmd
\shelL\AutoRun\command - nubq.cmd
\shelL\eXplOrE\CommaNd - nubq.cmd
\shelL\OpEn\COmmand - nubq.cmd
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-zHideWin - e:\acehide\AceHideFree.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
.
------- Supplementary Scan -------
.
uStart Page = https://memberservices.optuszoo.com.au/login/?target=/myusage/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:30:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????W????|?????? ?`?B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\LgNotify.dll
.
Completion time: 2009-03-18 21:32:18
ComboFix-quarantined-files.txt 2009-03-18 10:32:12
Pre-Run: 2,152,062,976 bytes free
Post-Run: 2,142,625,792 bytes free
136
So far, my computer has been running like before and the only problem I am experiencing is with my Internet browser. I have included the details in a new post:
http://www.computerhope.com/forum/index.php/topic,79268.msg522220.html#msg522220
Can you please help me?
-
So far, my computer has been running like before and the only problem I am experiencing is with my Internet browser. I have included the details in a new post:
Your computer is still infected.
Let's clean all of the malware and then see what problems still remain.
F:\ComboFix.exe
Please delete ComboFix from it's current location and download the new version directly too your desktop. ComboFix should always be placed on the desktop.
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab91bbf-5edb-11dd-8fb7-000cf1323ca4}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply. <- Save the log and post it along with the other logs.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
----------
Download Malwarebytes' Anti-Malware (MBAM) (http://www.besttechie.net/tools/mbam-setup.exe)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Now run a new HijackThis scan and post that log along with the ComboFix and MBAM logs.
-
I have done as you said, but it still doesnt work. Here are my logs:
ComboFix 09-03-18.01 - Winnie 2009-03-20 6:51:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.458 [GMT 11:00]
Running from: c:\documents and settings\Winnie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Winnie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-19 19:39 . 2009-03-19 19:39 268 --ah----- C:\sqmdata00.sqm
2009-03-19 19:39 . 2009-03-19 19:39 244 --ah----- C:\sqmnoopt00.sqm
2009-03-18 22:34 . 2009-03-18 22:34 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-18 22:34 . 2009-03-18 22:34 <DIR> d-------- c:\documents and settings\Winnie\Application Data\SUPERAntiSpyware.com
2009-03-18 22:34 . 2009-03-18 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-18 22:33 . 2009-03-18 22:33 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-18 22:32 . 2009-03-18 22:32 <DIR> d-------- c:\documents and settings\Winnie\Application Data\Malwarebytes
2009-03-18 21:23 . 2009-03-18 23:27 <DIR> d-------- c:\program files\ComboFix
2009-03-18 15:55 . 2009-03-18 15:55 <DIR> d-------- c:\program files\Trend Micro
2009-03-18 15:52 . 2009-03-18 15:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:52 . 2009-03-18 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 15:52 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:52 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 15:39 . 2009-03-18 15:39 <DIR> d-------- c:\program files\CCleaner
2009-03-16 17:07 . 2009-03-16 17:07 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-16 17:07 . 2009-03-16 17:07 <DIR> d-------- c:\program files\AVG
2009-03-16 17:07 . 2009-03-18 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-16 17:07 . 2009-03-16 17:07 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-16 17:07 . 2009-03-16 17:07 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-16 17:07 . 2009-03-16 17:07 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-15 16:31 . 2009-03-15 16:31 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-15 16:27 . 2009-03-15 16:27 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-22 00:11 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-22 00:11 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-22 00:11 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-22 00:11 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 05:00 --------- d-----w c:\program files\Warcraft III
2009-01-15 01:29 1,132 ----a-w c:\documents and settings\Incomplete\downloads.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-16 618496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-12-05 196670]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-15 237568]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-16 1932568]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 503869]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 08:03 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-16 17:07 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-16 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-16 107912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-16 298264]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wA301b.sys [2008-07-09 33847]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53fa4c74-7501-11dd-8fee-000cf1323ca4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2b17fc-4dad-11dd-8f84-000cf1323ca4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = https://memberservices.optuszoo.com.au/login/?target=/myusage/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 06:55:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?7?6??????? ?`?B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\msv1_0.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\1XConfig.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-03-20 6:58:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 19:58:22
Pre-Run: 2,000,035,840 bytes free
Post-Run: 2,034,290,688 bytes free
147
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:27 PM, on 20/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://memberservices.optuszoo.com.au/login/?target=/myusage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215680164406
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7748 bytes
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2
20/03/2009 4:33:01 PM
mbam-log-2009-03-20 (16-33-01).txt
Scan type: Quick Scan
Objects scanned: 63216
Time elapsed: 4 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Download Dial-a-Fix (http://wiki.djlizard.net/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles) by djlizard, save it to the desktop then extract it to it's own folder.
- Open the folder and run Dial-a-fix.exe
- 2 windows will open. Close the one in the background labeled Restrictive Policies
- Check the box in section 1, Empty temp folders.
- Check the box in section 2, Fix Windows Installer.
- Check the box in section 3, Fix Windows Update.
- Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
- Check all boxes in section 5, labeled Registration Center.
- Click Go
- OK any error messages if received, but write them down and post them here.
- Restart the computer when done.
.
Is the problem fixed?
-
No, it still doesnt work. There were no errors found when I ran Dial-a-Fix. When I tried to open IE, it keeps on getting redirected to the error page.
Here is my Dial-a-Fix log:
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
[email protected] and include a copy of this log
DAF version: v0.60.0.24
--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 7.0.5730.11
MPC: 55274-640
CPU: Intel(R) Pentium(R) M processor 1500MHz (~600MHz)
BIOS: 12/03/2005
Memory (approx): 759MB
Uptime: 0 hour(s)
Current directory: C:\Documents and Settings\Winnie\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
---
21/03/2009 9:23:13 AM -- Dial-a-fix : [v0.60.0.24] -- started
9:23:13 AM | Policy scan started
9:23:13 AM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
9:24:35 AM | Deleting C:\Documents and Settings\Winnie\Local Settings\temp...
9:24:36 AM | C:\Documents and Settings\Winnie\Local Settings\temp could not be completely emptied, please reboot and try again
9:24:36 AM | Deleting C:\WINDOWS\temp...
9:24:36 AM | C:\WINDOWS\temp has been re-created
9:24:36 AM | Deleting C:\DOCUME~1\Winnie\LOCALS~1\Temp...
9:24:36 AM | C:\DOCUME~1\Winnie\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
9:24:39 AM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
9:24:49 AM | Unregistered: C:\WINDOWS\system32\msxml.dll
9:24:49 AM | Registered: C:\WINDOWS\system32\msxml.dll
9:24:56 AM | Unregistered: C:\WINDOWS\system32\msxml2.dll
9:24:57 AM | Registered: C:\WINDOWS\system32\msxml2.dll
9:24:57 AM | Unregistered: C:\WINDOWS\system32\msxml3.dll
9:24:57 AM | Registered: C:\WINDOWS\system32\msxml3.dll
9:24:58 AM | Unregistered: C:\WINDOWS\system32\qmgr.dll
9:24:58 AM | Registered: C:\WINDOWS\system32\qmgr.dll
9:24:58 AM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
9:24:58 AM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
9:24:58 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
9:24:58 AM | Registered: C:\WINDOWS\system32\winhttp.dll
9:24:58 AM | Registered: C:\WINDOWS\system32\wuapi.dll
9:24:58 AM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\wuaueng.dll
9:25:00 AM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\wuaueng1.dll
9:25:00 AM | Unregistered: C:\WINDOWS\system32\wucltui.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\wucltui.dll
9:25:00 AM | Unregistered: C:\WINDOWS\system32\wups.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\wups.dll
9:25:00 AM | Unregistered: C:\WINDOWS\system32\wups2.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\wups2.dll
9:25:00 AM | Unregistered: C:\WINDOWS\system32\wuweb.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\wuweb.dll
9:25:00 AM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
9:25:13 AM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
9:25:17 AM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
9:25:17 AM | Registered: C:\WINDOWS\system32\cryptdlg.dll
9:25:18 AM | Unregistered: C:\WINDOWS\system32\cryptui.dll
9:25:18 AM | Registered: C:\WINDOWS\system32\cryptui.dll
9:25:18 AM | Unregistered: C:\WINDOWS\system32\cryptext.dll
9:25:18 AM | Registered: C:\WINDOWS\system32\cryptext.dll
9:25:18 AM | Unregistered: C:\WINDOWS\system32\dssenh.dll
9:25:18 AM | Registered: C:\WINDOWS\system32\dssenh.dll
9:25:18 AM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
9:25:18 AM | Registered: C:\WINDOWS\system32\gpkcsp.dll
9:25:19 AM | Unregistered: C:\WINDOWS\system32\initpki.dll
9:25:55 AM | Registered: C:\WINDOWS\system32\initpki.dll
9:25:56 AM | Unregistered: C:\WINDOWS\system32\licdll.dll
9:25:56 AM | Registered: C:\WINDOWS\system32\licdll.dll
9:25:56 AM | Unregistered: C:\WINDOWS\system32\mssign32.dll
9:25:56 AM | Registered: C:\WINDOWS\system32\mssign32.dll
9:25:57 AM | Unregistered: C:\WINDOWS\system32\mssip32.dll
9:25:57 AM | Registered: C:\WINDOWS\system32\mssip32.dll
9:25:57 AM | Unregistered: C:\WINDOWS\system32\scardssp.dll
9:25:57 AM | Registered: C:\WINDOWS\system32\scardssp.dll
9:25:57 AM | Unregistered: C:\WINDOWS\system32\sccbase.dll
9:25:57 AM | Registered: C:\WINDOWS\system32\sccbase.dll
9:25:57 AM | Unregistered: C:\WINDOWS\system32\scecli.dll
9:25:58 AM | Registered: C:\WINDOWS\system32\scecli.dll
9:25:58 AM | Unregistered: C:\WINDOWS\system32\softpub.dll
9:25:58 AM | Registered: C:\WINDOWS\system32\softpub.dll
9:25:58 AM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
9:25:58 AM | Registered: C:\WINDOWS\system32\slbcsp.dll
9:25:59 AM | Unregistered: C:\WINDOWS\system32\regwizc.dll
9:25:59 AM | Registered: C:\WINDOWS\system32\regwizc.dll
9:25:59 AM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
9:25:59 AM | Registered: C:\WINDOWS\system32\rsaenh.dll
9:25:59 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
9:25:59 AM | Registered: C:\WINDOWS\system32\winhttp.dll
9:25:59 AM | Unregistered: C:\WINDOWS\system32\wintrust.dll
9:25:59 AM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
9:26:00 AM | Registered: C:\WINDOWS\system32\acelpdec.ax
9:26:00 AM | Registered: C:\WINDOWS\system32\actxprxy.dll
9:26:00 AM | Registered: C:\WINDOWS\system32\asctrls.ocx
9:26:00 AM | Registered: C:\WINDOWS\system32\daxctle.ocx
9:26:01 AM | Registered: C:\WINDOWS\system32\hhctrl.ocx
9:26:01 AM | Registered: C:\WINDOWS\system32\l3codecx.ax
9:26:01 AM | Registered: C:\WINDOWS\system32\licmgr10.dll
9:26:01 AM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
9:26:04 AM | Registered: C:\WINDOWS\system32\msdxm.ocx
9:26:04 AM | Registered: C:\WINDOWS\system32\proctexe.ocx
9:26:05 AM | Registered: C:\WINDOWS\system32\tdc.ocx
9:26:05 AM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
9:26:07 AM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
9:26:08 AM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
9:26:08 AM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
9:26:08 AM | Registered: C:\WINDOWS\system32\quartz.dll
9:26:10 AM | Registered: C:\WINDOWS\system32\danim.dll
9:26:10 AM | Registered: C:\WINDOWS\system32\dmscript.dll
9:26:10 AM | Registered: C:\WINDOWS\system32\dmstyle.dll
9:26:12 AM | Registered: C:\WINDOWS\system32\dxmasf.dll
9:26:12 AM | Registered: C:\WINDOWS\system32\dxtmsft.dll
9:26:12 AM | Registered: C:\WINDOWS\system32\dxtrans.dll
9:26:13 AM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
9:26:13 AM | Registered: C:\WINDOWS\system32\atl.dll
9:26:13 AM | Registered: C:\WINDOWS\system32\corpol.dll
9:26:13 AM | Registered: C:\WINDOWS\system32\jscript.dll
9:26:13 AM | Registered: C:\WINDOWS\system32\dispex.dll
9:26:14 AM | Registered: C:\WINDOWS\system32\scrrun.dll
9:26:14 AM | Registered: C:\WINDOWS\system32\scrobj.dll
9:26:15 AM | Registered: C:\WINDOWS\system32\vbscript.dll
9:26:15 AM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
9:26:17 AM | Registered: C:\WINDOWS\system32\activeds.dll
9:26:17 AM | Registered: C:\WINDOWS\system32\audiodev.dll
9:26:17 AM | Registered: C:\WINDOWS\system32\browsewm.dll
9:26:18 AM | Registered: C:\WINDOWS\system32\cabview.dll
9:26:18 AM | Registered: C:\WINDOWS\system32\cdfview.dll
9:26:19 AM | Registered: C:\WINDOWS\system32\clbcatex.dll
9:26:19 AM | Registered: C:\WINDOWS\system32\clbcatq.dll
9:26:19 AM | Registered: C:\WINDOWS\system32\comcat.dll
9:26:19 AM | Registered: C:\WINDOWS\system32\cscui.dll
9:26:19 AM | Registered: C:\WINDOWS\system32\credui.dll
9:26:20 AM | Registered: C:\WINDOWS\system32\datime.dll
9:26:20 AM | Registered: C:\WINDOWS\system32\devmgr.dll
9:26:20 AM | Registered: C:\WINDOWS\system32\dfsshlex.dll
9:26:22 AM | Registered: C:\WINDOWS\system32\dmdlgs.dll
9:26:22 AM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
9:26:22 AM | Registered: C:\WINDOWS\system32\dmloader.dll
9:26:23 AM | Registered: C:\WINDOWS\system32\dmocx.dll
9:26:23 AM | Registered: C:\WINDOWS\system32\dmview.ocx
9:26:23 AM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
9:26:23 AM | Registered: C:\WINDOWS\system32\dsuiext.dll
9:26:24 AM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
9:26:24 AM | Registered: C:\WINDOWS\system32\dsquery.dll
9:26:24 AM | Registered: C:\WINDOWS\system32\dskquoui.dll
9:26:24 AM | Registered: C:\WINDOWS\system32\els.dll
9:26:25 AM | Registered: C:\WINDOWS\system32\es.dll
9:26:26 AM | Registered: C:\WINDOWS\system32\fontext.dll
9:26:26 AM | Registered: C:\WINDOWS\system32\hlink.dll
9:26:27 AM | Registered: C:\WINDOWS\system32\hnetcfg.dll
9:26:27 AM | Registered: C:\WINDOWS\system32\iedkcs32.dll
9:26:28 AM | Registered: C:\WINDOWS\system32\iepeers.dll
9:26:28 AM | Registered: C:\WINDOWS\system32\ils.dll
9:26:29 AM | Registered: C:\WINDOWS\system32\inetcfg.dll
9:26:29 AM | Registered: C:\WINDOWS\system32\inetcomm.dll
9:26:30 AM | Registered: C:\WINDOWS\system32\laprxy.dll
9:26:31 AM | Registered: C:\WINDOWS\system32\lmrt.dll
9:26:31 AM | Registered: C:\WINDOWS\system32\mlang.dll
9:26:33 AM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
9:26:33 AM | Registered: C:\WINDOWS\system32\mmcshext.dll
9:26:37 AM | Registered: C:\WINDOWS\system32\mscoree.dll
9:26:37 AM | Registered: C:\WINDOWS\system32\mshtmled.dll
9:26:38 AM | Registered: C:\WINDOWS\system32\msoeacct.dll
9:26:38 AM | Registered: C:\WINDOWS\system32\msr2c.dll
9:26:38 AM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
9:26:38 AM | Registered: C:\WINDOWS\system32\mydocs.dll
9:26:39 AM | Registered: C:\WINDOWS\system32\mstime.dll
9:26:39 AM | Registered: C:\WINDOWS\system32\netcfgx.dll
9:26:39 AM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
9:26:40 AM | Registered: C:\WINDOWS\system32\netplwiz.dll
9:26:40 AM | Registered: C:\WINDOWS\system32\netman.dll
9:26:40 AM | Registered: C:\WINDOWS\system32\netshell.dll
9:26:41 AM | Registered: C:\WINDOWS\system32\ntmsevt.dll
9:26:41 AM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
9:26:42 AM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
9:26:42 AM | Registered: C:\WINDOWS\system32\ntmssvc.dll
9:26:43 AM | DllInstalled: C:\WINDOWS\system32\occache.dll
9:26:43 AM | Registered: C:\WINDOWS\system32\occache.dll
9:26:43 AM | Registered: C:\WINDOWS\system32\ole32.dll
9:26:43 AM | Registered: C:\WINDOWS\system32\oleaut32.dll
9:26:43 AM | Registered: C:\WINDOWS\system32\oleacc.dll
9:26:43 AM | Registered: C:\WINDOWS\system32\olepro32.dll
9:26:44 AM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
9:26:44 AM | Registered: C:\WINDOWS\system32\photowiz.dll
9:26:44 AM | Registered: C:\WINDOWS\system32\remotepg.dll
9:26:44 AM | Registered: C:\WINDOWS\system32\rpcrt4.dll
9:26:44 AM | Registered: C:\WINDOWS\system32\rshx32.dll
9:26:44 AM | Registered: C:\WINDOWS\system32\sendmail.dll
9:26:45 AM | Registered: C:\WINDOWS\system32\slayerxp.dll
9:26:45 AM | Registered: C:\WINDOWS\system32\shell32.dll
9:26:52 AM | DllInstalled: C:\WINDOWS\system32\shell32.dll
9:26:52 AM | Registered: C:\WINDOWS\system32\shmedia.dll
9:26:52 AM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\shimgvw.dll
9:26:53 AM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\shsvcs.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\srclient.dll
9:26:53 AM | Unregistered: C:\WINDOWS\system32\stobject.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\stobject.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\twext.dll
9:26:53 AM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\urlmon.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\userenv.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\winhttp.dll
9:26:53 AM | DllInstalled: C:\WINDOWS\system32\wininet.dll
9:26:53 AM | Registered: C:\WINDOWS\system32\zipfldr.dll
9:26:53 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
9:26:53 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
9:26:54 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
9:26:54 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
9:26:54 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
9:26:54 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
9:26:54 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
9:26:54 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
9:26:55 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
9:26:55 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
9:26:55 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
9:26:56 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
9:26:56 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
9:26:56 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msjtor35.dll
9:26:57 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
9:26:57 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
9:26:57 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
9:26:58 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
9:26:58 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
9:26:58 AM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
9:26:58 AM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
9:26:58 AM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
9:26:58 AM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
I dld Mozilla Firefox, to see if it would work, but it also said: "address not found."
This is from the error console:
Error: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIChannel.contentType]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: file:///C:/Program%20Files/Mozilla%20Firefox/components/FeedProcessor.js :: FP_onStartRequest :: line 1440" data: no]
Source File: file:///C:/Program%20Files/Mozilla%20Firefox/components/FeedProcessor.js
Line: 1440
Msn doesn't work either. Trouble-shooting came up with errors with: DNS and Key ports
Also, when i ran ComboFix, it tried to download the WINDOWS RECOVERY CONSOLE, but aborted the process because it could not connect to the Internet. Should I download it from another computer and then rerun ComboFix?
Thanks.
-
Go Start > Run (Start search in Vista) then type in: cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
At the Command Prompt, type in:
netsh winsock reset catalog
On the keyboard press Enter.
Do that again and type in:
netsh int ip reset reset.log
Press Enter.
Restart the computer.
Note: Resetting the Winsock using netsh winsock reset catalog command in SP2 removes all the third-party LSPs and restores Winsock to factory default setting. Existing programs that uses their own LSPs need to be reinstalled again. Example: Google Desktop Search.
----------
Go Start > Run (Start search in Vista) and type in: cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
In the Command Prompt window type in following commands, and press Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
Note the space before the forward slash /
Restart the computer.
How about now?
-
Yeeaaahh! Thanks soooo much. I can connect to the IE and msn now.
Thanks heaps! You're a genius. ;D
-
OK lets make sure the malware is gone now.
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Use the
Kaspersky Lab Online Scanner (http://www.kaspersky.com/virusscanner)
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
(http://i154.photobucket.com/albums/s258/evilfantasy69/Kas-Savetxt.gif)
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
-
Here is my KScan log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 22, 2009 02:17:17
Records in database: 1948151
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
Scan statistics:
Files scanned: 46728
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:17:48
No malware has been detected. The scan area is clean.
The selected area was scanned.
Is there anything else I need to do?
-
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
-
All done! ;D
Thanks again!!!
-
Your welcome.
Safe surfing... (|