Alureon Trojan causing browsing hassles + much more
Junior Member
20. May 2009 @ 22:34
I've had a terrible time with my computer sending me to ads, not the link I clicked on, and when I press Back to go back to Google and click on it again, it works then. So when that started happening, I knew something was up... My mouse decides to just not work sometimes also. And Spybot hangs on startup before the loading bar shows on the screen, so I can't use my favorite program for viruses and the like :( And then when I click on the Windows drive (I:\ in my case; don't ask why) an error message pops up and says this: "Windows cannot find 'RECYCLERS//S-6-4-50-1000023327-100009167-3807.COM'. MAKE SURE YOU TYPED THE NAME CORRECTLY, AND THEN TRY AGAIN. TO SEARCH FOR A FILE, CLICK THE START BUTTON, AND THEN CLICK SEARCH."

The HJT log file follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:11 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Airlink101\AWLH5026\WLService.exe
I:\Program Files\Airlink101\AWLH5026\AWLH5026.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\AVG\AVG8\avgcsrvx.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
I:\Program Files\Lexmark P910 Series\lxbymon.exe
I:\Program Files\Lexmark P910 Series\ezprint.exe
I:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\Java\jre6\bin\jusched.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\ATI Multimedia\main\ATIDtct.EXE
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\ATI Multimedia\main\ATISched.EXE
I:\Program Files\ATI Multimedia\main\LaunchPd.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\lxbycoms.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\wbem\wmiapsrv.exe
I:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
I:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [lxbymon.exe] "I:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [EzPrint] "I:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] I:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ATI DeviceDetect] I:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ATI Scheduler] I:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "I:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - I:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1234485781265
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: avgrsstarter - I:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxby_device - Lexmark International, Inc. - I:\WINDOWS\system32\lxbycoms.exe
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - I:\Program Files\Airlink101\AWLH5026\WLService.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - I:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9496 bytes


Any help would be greatly appreciated, because I just reformatted, lol. I don't really want to do it all over again with all the different programs I use... lol

"Our species is intelligent enough to create the ability to do something, and socially handicapped enough to prevent ourselves from ever actually attempting it."

ASUS P5LD2-VM Motherboard
Intel Pentium D 3.2 GHz dual core OC 3.38GHz(5%) w/ Zalman heatsink and fan
5 fans total
3 GB dual channel RAM @ 667mhz
1 DVDRW drive (IDE)
Saphire ATI Radeon HD 4650 512 mb PCIe 2.0 16x (OC 630MHz CPU, 715MHz memory)
4 HDDs (320 GB SATA WD caviar blue w/ Win 7 Ultimate, 250 GB PATA Seagate, 1 TB WD Caviar Black, and 80GB WD Caviar SE)
BFG tech ATX 12V 2.2 550 watt modular PSU
AfterDawn Addict
21. May 2009 @ 13:35
Hi j24ep, kinda thought you might post.

Your HJT log is clean except for one line that might suggest the Trojan.
HJT cannot be trusted to find the new malware. Ever since Merijn sold it to Trend Micro it hasn't been kept up :(

Do the following, and if you have any problems, don't go on. Let me know.

1.) Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

• Please post the MBAM log in your next reply.


2.) ComboFix

1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Click Start > Run, copy and paste this in exactly, using the picture below for reference, then click OK.

    "%userprofile%\desktop\combofix.exe" /killall

3. ComboFix will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely, you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

If, when it's completed, you cannot get on the internet, just reboot the computer.

Post the log from ComboFix for me, located in
c:\comboFix.txt


2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Junior Member
21. May 2009 @ 19:57
Yeah, I only had a little time the night before and didn't get to tackle my problems. That's interesting about HJT; I didn't know. NOD32 is on its way to my house, btw. I started out with this and loved it but didn't want to spend the money for the subscription after the year was up. Anyway, back to business...

Malwarebytes log:

Malwarebytes' Anti-Malware 1.36
Database version: 2164
Windows 5.1.2600 Service Pack 3

5/21/2009 6:24:02 PM
mbam-log-2009-05-21 (18-24-02).txt

Scan type: Full Scan (C:\|I:\|)
Objects scanned: 211640
Time elapsed: 23 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-48-100022975-100032112-100010851-8691.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-8-49-100032577-100020844-100022862-6756.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RECYCLER\S-2-6-53-100030226-100005279-100007919-8367.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RECYCLER\S-6-8-39-100017055-100019459-100029558-2916.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.

end of log

ComboFix:

[img]C:\Documents and Settings\Joel Woodmansee\Desktop\PIC_0801.JPG[/img]

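The detections in the MBAM log above share one trick: the files sit under the system drive's RECYCLER directory behind names shaped like Windows SIDs, with a .com extension so that anything referencing them executes them (the error box in the first post shows something on the I: drive still pointing at such a file). A legitimate RECYCLER entry is a directory named after an account SID of the form S-1-5-21-a-b-c-rid, never a .com file, so the names can be judged on their own. The scanner below is an added example, not code from the thread or from any of the tools mentioned. It takes the four RECYCLER lines from the MBAM log and the path from the OP's error box, checks that the SID-shaped name could belong to an account, and flags file extensions. The benign folder name in the sample input is constructed (its SID values are invented), and the extension list is the example's own choice; neither comes from the thread.

```python
"""Flag RECYCLER entries whose names imitate SIDs but cannot be real recycle-bin folders.

Added example for this thread; not code from the posts or from MBAM, HJT or
ComboFix. On Windows XP the RECYCLER directory holds one *folder* per account,
named after that account's SID: S-1-5-21-<a>-<b>-<c>-<rid> (revision 1,
NT authority 5, the "21" local/domain prefix, then four sub-authorities).
A .com/.exe file there, or a name whose revision is not 1, is not legitimate.
"""
import re

# Extensions that turn a RECYCLER entry into something executable (example's own list).
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".dll"}

# Matches both the MBAM log form (RECYCLER\S-...) and the OP's error-box form
# (RECYCLERS//S-...COM). Case-insensitive because the error box is upper-case.
RECYCLER_RE = re.compile(
    r"""
    RECYCLERS?                       # RECYCLER, or RECYCLERS as shown in the error box
    [\\/]+                           # one or more path separators
    (?P<name>S-\d+(?:-\d+)+)         # SID-shaped name: S-rev-auth-sub[-sub...]
    (?P<ext>\.[A-Za-z0-9]{1,4})?     # optional file extension
    """,
    re.IGNORECASE | re.VERBOSE,
)


def parse_sid(name):
    """Split 'S-rev-auth-sub1-sub2-...' into (revision, authority, [sub-authorities])."""
    parts = name.upper().split("-")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return revision, authority, subs


def sid_problems(name):
    """Return the reasons this name cannot be the SID of a user's recycle-bin folder."""
    revision, authority, subs = parse_sid(name)
    problems = []
    if revision != 1:
        problems.append("revision %d (must be 1)" % revision)
    if any(s > 0xFFFFFFFF for s in subs):
        problems.append("sub-authority exceeds 32 bits")
    # Account SIDs that own recycle-bin folders look like S-1-5-21-a-b-c-rid.
    if not (authority == 5 and subs[:1] == [21] and len(subs) == 5):
        problems.append("not an account SID of the form S-1-5-21-a-b-c-rid")
    return problems


def assess(line):
    """Return a verdict dict for a line containing a RECYCLER path, or None otherwise."""
    m = RECYCLER_RE.search(line)
    if m is None:
        return None
    name = m.group("name")
    ext = (m.group("ext") or "").lower()
    reasons = sid_problems(name)
    if ext in EXEC_EXTS:
        reasons.append("executable extension %s on a recycle-bin entry" % ext)
    elif ext:
        reasons.append("file extension %s on a recycle-bin entry" % ext)
    return {"line": line, "name": name, "suspicious": bool(reasons), "reasons": reasons}


def scan(lines):
    """Assess every line; lines without a RECYCLER path are skipped."""
    return [v for v in (assess(line) for line in lines) if v is not None]


# Sample input: the four RECYCLER lines from the MBAM log in this thread, the
# path from the OP's error box, one constructed benign folder name (invented
# SID values), and one non-RECYCLER detection that the scanner must ignore.
SAMPLE_LINES = [
    r"C:\RECYCLER\S-1-5-48-100022975-100032112-100010851-8691.com (Trojan.DNSChanger)",
    r"C:\RECYCLER\S-1-8-49-100032577-100020844-100022862-6756.com (Trojan.DNSChanger)",
    r"C:\RECYCLER\S-2-6-53-100030226-100005279-100007919-8367.com (Trojan.DNSChanger)",
    r"C:\RECYCLER\S-6-8-39-100017055-100019459-100029558-2916.com (Trojan.DNSChanger)",
    r"RECYCLERS//S-6-4-50-1000023327-100009167-3807.COM",
    r"C:\RECYCLER\S-1-5-21-1085031214-1202660629-839522115-1004",  # constructed, benign
    r"I:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger)",         # no RECYCLER path
]

if __name__ == "__main__":
    for verdict in scan(SAMPLE_LINES):
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok        "
        print(flag, verdict["name"], "; ".join(verdict["reasons"]))
```

Run as a script it prints one verdict per RECYCLER line; `scan()` returns the same verdicts for use in other checks. All five names from the thread fail at least one test (four are not account SIDs at all, three have an impossible revision, and every one carries a .com extension), while the constructed S-1-5-21 folder passes. The scanner only judges names that a log or an error box has already surfaced; it does not find whatever on the drive was still referencing the missing .COM file in the OP's error.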
Junior Member
21. May 2009 @ 21:17
Guess what! I just tried Spybot S&D for the heck of it and it worked. Now IDK whether it was because of what we've done or if it's just 'cuz I reinstalled and rebooted... I don't care; it works now! I don't want to jinx it tho. lol

Listen to me, I sound like a little kid. lol

AfterDawn Addict
22. May 2009 @ 04:20
Well, that seems to have removed the Trojan.DNSChanger that I saw in the HJT log and also cleaned it from your recycle bin.

Now if you will follow up with ComboFix, that will clean up the remnants and anything that MBAM missed so it doesn't come back on you.

Post the combofix log and we can cleanup any leftovers.

2oG



Junior Member
22. May 2009 @ 14:58
Alright, here is the ComboFix report.

ComboFix 09-05-20.A1 - Joel 05/22/2009 14:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2363 [GMT -5:00]
Running from: i:\documents and settings\Joel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-21 03:12 . 2009-05-21 03:12 -------- d-----w i:\program files\Trend Micro
2009-05-19 02:33 . 2009-05-19 02:33 -------- d-----w i:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-18 01:28 . 2009-05-18 01:28 -------- d-----w i:\documents and settings\Joel\Application Data\Malwarebytes
2009-05-18 01:18 . 2009-04-06 20:32 15504 ----a-w i:\windows\system32\drivers\mbam.sys
2009-05-18 01:18 . 2009-04-06 20:32 38496 ----a-w i:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 01:18 . 2009-05-18 01:18 -------- d-----w i:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 01:18 . 2009-05-18 01:20 -------- d-----w i:\program files\Malwarebytes' Anti-Malware
2009-05-17 04:49 . 2009-05-17 05:28 -------- d-----w i:\documents and settings\Administrator\Application Data\U3
2009-05-17 04:47 . 2009-05-17 04:47 -------- d-----w i:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-17 00:24 . 2009-05-17 00:24 -------- d-----w i:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-12 02:18 . 2009-05-12 02:17 24576 ----a-w i:\windows\system32\AsIO.dll
2009-05-12 02:18 . 2009-05-12 02:17 12664 ----a-w i:\windows\system32\drivers\AsIO.sys
2009-05-12 02:18 . 2009-05-12 02:18 -------- d-----w i:\program files\ASUS
2009-05-12 02:16 . 2009-05-12 02:15 143360 ----a-w i:\windows\system32\RtlCPAPI.dll
2009-05-12 02:16 . 2009-05-12 02:15 2879488 ----a-w i:\windows\SkyTel.exe
2009-05-12 02:16 . 2009-05-12 02:15 69632 ----a-w i:\windows\Alcmtr.exe
2009-05-11 22:48 . 2009-05-11 22:48 -------- d-----w i:\program files\iPod
2009-05-11 22:48 . 2009-05-11 22:48 -------- d-----w i:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-11 22:48 . 2009-05-11 22:48 -------- d-----w i:\program files\iTunes
2009-05-07 03:53 . 2009-03-06 14:22 284160 -c----w i:\windows\system32\dllcache\pdh.dll
2009-05-07 03:53 . 2009-02-09 12:10 401408 -c----w i:\windows\system32\dllcache\rpcss.dll
2009-05-07 03:53 . 2009-02-06 11:11 110592 -c----w i:\windows\system32\dllcache\services.exe
2009-05-07 03:53 . 2009-02-09 12:10 473600 -c----w i:\windows\system32\dllcache\fastprox.dll
2009-05-07 03:53 . 2009-02-06 10:10 227840 -c----w i:\windows\system32\dllcache\wmiprvse.exe
2009-05-07 03:53 . 2009-02-09 12:10 453120 -c----w i:\windows\system32\dllcache\wmiprvsd.dll
2009-05-07 03:53 . 2009-02-09 12:10 729088 -c----w i:\windows\system32\dllcache\lsasrv.dll
2009-05-07 03:53 . 2009-02-09 12:10 617472 -c----w i:\windows\system32\dllcache\advapi32.dll
2009-05-07 03:53 . 2009-02-09 12:10 714752 -c----w i:\windows\system32\dllcache\ntdll.dll
2009-05-07 03:50 . 2008-05-03 11:55 2560 ------w i:\windows\system32\xpsp4res.dll
2009-05-07 03:50 . 2008-04-21 12:08 215552 -c----w i:\windows\system32\dllcache\wordpad.exe
2009-05-07 03:45 . 2008-10-16 19:06 208744 ----a-w i:\windows\system32\muweb.dll
2009-05-07 03:45 . 2008-10-16 19:06 268648 ----a-w i:\windows\system32\mucltui.dll
2009-05-01 00:03 . 2009-05-01 02:49 -------- d-----w i:\documents and settings\Joel\Application Data\Any Video Converter
2009-05-01 00:03 . 2009-05-01 00:03 -------- d-----w i:\program files\Any Video Converter
2009-04-28 22:43 . 2009-04-28 22:43 20747 ----a-w i:\windows\system32\drivers\AegisP.sys
2009-04-28 22:43 . 2004-04-30 20:12 40960 ----a-w i:\windows\system32\AWLH5026.dll
2009-04-28 22:43 . 2005-06-15 09:35 36864 ----a-w i:\windows\system32\ss.dll
2009-04-28 22:43 . 2006-01-20 03:10 363008 ----a-w i:\windows\system32\drivers\rt61.sys
2009-04-28 22:43 . 2003-10-13 20:30 94208 ----a-w i:\windows\system32\GTW32N50.dll
2009-04-28 22:43 . 2003-09-26 03:15 15872 ----a-w i:\windows\system32\GTNDIS5.sys
2009-04-28 22:42 . 2009-04-28 22:42 -------- d-----w i:\program files\Airlink101
2009-04-28 15:01 . 2009-04-28 15:01 -------- d-----w i:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 02:54 . 2009-02-17 00:41 -------- d-----w i:\program files\Spybot - Search & Destroy
2009-05-20 04:25 . 2009-02-17 01:28 47360 ----a-w i:\documents and settings\Joel\Application Data\pcouffin.sys
2009-05-18 01:25 . 2009-05-18 03:42 3046912 ----a-w i:\windows\Internet Logs\xDB4.tmp
2009-05-18 01:25 . 2009-05-18 03:42 1766912 ----a-w i:\windows\Internet Logs\xDB5.tmp
2009-05-18 01:25 . 2009-03-24 21:06 8470339 ----a-w i:\windows\Internet Logs\tvDebug.Zip
2009-05-17 14:45 . 2009-02-13 00:18 -------- d--h--w i:\program files\InstallShield Installation Information
2009-05-13 20:33 . 2009-05-13 20:34 1716224 ----a-w i:\windows\Internet Logs\xDB3.tmp
2009-05-12 02:16 . 2009-02-13 00:18 -------- d-----w i:\program files\Realtek
2009-05-12 02:15 . 2009-02-13 00:19 86016 ----a-w i:\windows\SoundMan.exe
2009-05-12 02:15 . 2009-02-13 00:19 364544 ----a-w i:\windows\RtlUpd.exe
2009-05-12 02:15 . 2009-02-13 00:19 9709568 ----a-w i:\windows\RTLCPL.exe
2009-05-12 02:15 . 2009-02-13 00:19 4377600 ----a-w i:\windows\system32\drivers\RtkHDAud.Sys
2009-05-12 02:15 . 2009-02-13 00:18 16262656 ----a-w i:\windows\RTHDCPL.exe
2009-05-12 02:15 . 2009-02-13 00:18 2158592 ----a-w i:\windows\MicCal.exe
2009-05-12 02:15 . 2009-02-13 00:18 2808832 ----a-w i:\windows\alcwzrd.exe
2009-05-12 02:15 . 2009-02-13 00:20 49152 ----a-w i:\windows\system32\ChCfg.exe
2009-05-11 22:48 . 2009-02-17 02:30 -------- d-----w i:\program files\Common Files\Apple
2009-05-10 00:41 . 2009-02-17 00:23 11952 ----a-w i:\windows\system32\avgrsstx.dll
2009-05-10 00:41 . 2009-02-17 00:23 325896 ----a-w i:\windows\system32\drivers\avgldx86.sys
2009-05-10 00:41 . 2009-02-17 00:23 108552 ----a-w i:\windows\system32\drivers\avgtdix.sys
2009-05-07 01:34 . 2009-02-13 00:26 -------- d-----w i:\program files\Common Files\ATI
2009-04-28 23:03 . 2009-02-18 02:02 -------- d-----w i:\program files\Bible Navigator
2009-04-28 00:48 . 2009-03-13 01:08 15688 ----a-w i:\windows\system32\lsdelete.exe
2009-04-28 00:46 . 2009-02-17 00:44 64160 ----a-w i:\windows\system32\drivers\Lbd.sys
2009-04-26 14:40 . 2009-04-26 14:41 1643008 ----a-w i:\windows\Internet Logs\xDB2.tmp
2009-04-21 01:53 . 2009-02-13 01:47 78896 ----a-w i:\documents and settings\Joel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 01:21 . 2009-04-21 01:20 -------- d-----w i:\program files\TI Education
2009-04-21 01:20 . 2009-04-21 01:20 -------- d-----w i:\program files\Common Files\TI Shared
2009-04-21 01:19 . 2009-04-21 01:19 -------- d-----w i:\program files\Common Files\Wise Installation Wizard
2009-04-04 16:27 . 2009-04-04 16:27 -------- d-----w i:\program files\Hasbro
2009-04-04 15:03 . 2009-04-04 15:03 -------- d-----w i:\program files\Ubisoft
2009-04-03 03:40 . 2009-02-17 01:33 -------- d-----w i:\program files\Java
2009-03-30 03:56 . 2009-02-20 21:43 4212 ---ha-w i:\windows\system32\zllictbl.dat
2009-03-26 05:08 . 2009-02-13 00:41 -------- d-----w i:\program files\Common Files\Adobe
2009-03-19 21:32 . 2009-02-17 02:32 23400 ----a-w i:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 10:19 . 2009-02-17 01:33 410984 ----a-w i:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w i:\windows\system32\pdh.dll
2009-03-06 04:59 . 2009-03-22 04:12 1900544 ----a-w i:\windows\system32\usbaaplrc.dll
2009-03-06 04:59 . 2009-02-17 02:30 36864 ----a-w i:\windows\system32\drivers\usbaapl.sys
2009-03-05 00:47 . 2009-03-05 00:50 2683904 ----a-w i:\windows\Internet Logs\xDB1.tmp
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w i:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="i:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-11-05 57344]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="i:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="i:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"ATI Scheduler"="i:\program files\ATI Multimedia\main\ATISched.EXE" [2005-11-05 26624]
"ATI Launchpad"="i:\program files\ATI Multimedia\main\LaunchPd.exe" [2005-11-05 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="i:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NeroFilterCheck"="i:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"AVG8_TRAY"="i:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-10 1947928]
"Ad-Watch"="i:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-28 516440]
"lxbymon.exe"="i:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"EzPrint"="i:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"HydraVisionDesktopManager"="i:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-16 270336]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ZoneAlarm Client"="i:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="i:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RTHDCPL"="RTHDCPL.EXE" - i:\windows\RTHDCPL.exe [2009-05-12 16262656]
"SkyTel"="SkyTel.EXE" - i:\windows\SkyTel.exe [2009-05-12 2879488]

i:\documents and settings\Joel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - i:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - i:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - i:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - i:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-16 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 00:41 11952 ----a-w i:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NeroRegInCDSrv"=2 (0x2)
"hpqddsvc"=2 (0x2)
"UPS"=3 (0x3)
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"i:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"i:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"i:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"i:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"i:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"i:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\WINDOWS\\system32\\sessmgr.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2/16/2009 7:44 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;i:\windows\system32\drivers\avgldx86.sys [2/16/2009 7:23 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;i:\windows\system32\drivers\avgtdix.sys [2/16/2009 7:23 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;i:\progra~1\AVG\AVG8\avgemc.exe [2/16/2009 7:23 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;i:\progra~1\AVG\AVG8\avgwdsvc.exe [2/16/2009 7:23 PM 298776]
R2 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService;i:\program files\Airlink101\AWLH5026\WLService.exe [4/28/2009 5:43 PM 49152]
R3 EUCR;ENE USB Mass Storage;i:\windows\system32\drivers\EUCR6SK.sys [2/12/2009 7:37 PM 42240]
R3 StreamSurge;StreamSurge Driver (miniport);i:\windows\system32\DRIVERS\ss.sys --> i:\windows\system32\DRIVERS\ss.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 953168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"i:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 i:\windows\Tasks\0.job
- i:\progra~1\ATIMUL~1\main\ATISchedInvoke.exe [2005-11-05 02:36]

2009-05-14 i:\windows\Tasks\1.job
- i:\progra~1\ATIMUL~1\main\ATISchedInvoke.exe [2005-11-05 02:36]

2009-05-14 i:\windows\Tasks\2.job
- i:\progra~1\ATIMUL~1\main\ATISchedInvoke.exe [2005-11-05 02:36]

2009-05-20 i:\windows\Tasks\3.job
- i:\progra~1\ATIMUL~1\MAIN\ATISchedInvoke.exe [2005-11-05 02:36]

2009-05-19 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:45]

2009-04-28 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - i:\documents and settings\Joel\Application Data\Mozilla\Firefox\Profiles\s8lnnd1y.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2896)
i:\program files\iTunes\iTunesMiniPlayer.dll
i:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
i:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-22 14:43
ComboFix-quarantined-files.txt 2009-05-22 19:43
ComboFix2.txt 2009-05-22 00:58

Pre-Run: 66,828,066,816 bytes free
Post-Run: 66,812,743,680 bytes free

227 --- E O F --- 2009-05-07 21:11



Hopefully we've taken care of it. BTW I have already run spybot, adaware and avg. avg found a few things. I'll post the things it found.

"C:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033501.inf";"Virus found Worm/AutoRun";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\C\autorun.inf.vir";"Virus found Worm/AutoRun";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\I\autorun.inf.vir";"Virus found Worm/AutoRun";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\I\WINDOWS\system32\drivers\gxvxcmbmkvkjwqpqjwloujjovcjcnunsbitvp.sys.vir";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\I\WINDOWS\system32\drivers\gxvxcodoymxdqgrkcvvitbwkrqruckspqqjlk.sys.vir";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\I\WINDOWS\system32\drivers\gxvxcvmsobobwpysoucxnstoqoolkbndhvhlt.sys.vir";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\I\WINDOWS\system32\drivers\gxvxcwmndopqddxstuhdttklarjkdtdcxxnxe.sys.vir";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\Qoobox\Quarantine\I\WINDOWS\system32\gxvxcyitrldpgvnmttdmpiiirjyljecdsyegk.dll.vir";"Trojan horse Agent2.GUF";"Moved to Virus Vault"
"I:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033476.sys";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033477.sys";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033478.sys";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033479.sys";"Trojan horse BackDoor.Generic11.OIK";"Moved to Virus Vault"
"I:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033481.dll";"Trojan horse Agent2.GUF";"Moved to Virus Vault"
"I:\System Volume Information\_restore{5E8179D9-D428-4170-9BB4-22D56BCEE306}\RP86\A0033502.inf";"Virus found Worm/AutoRun";"Moved to Virus Vault"


"Our species is intelligent enough to create the ability to do something, and socially handicapped enough to prevent ourselves from ever actually attempting it."

ASUS P5LD2-VM Motherboard
Intel Pentium D 3.2 GHz dual core OC 3.38GHz(5%) w/ Zalman heatsink and fan
5 fans total
3 GB dual channel RAM @ 667mhz
1 DVDRW drive (IDE)
Saphire ATI Radeon HD 4650 512 mb PCIe 2.0 16x (OC 630MHz CPU, 715MHz memory)
4 HDDs (320 GB SATA WD caviar blue w/ Win 7 Ultimate, 250 GB PATA Seagate, 1 TB WD Caviar Black, and 80GB WD Caviar SE)
BFG tech ATX 12V 2.2 550 watt modular PSU
AfterDawn Addict
22. May 2009 @ 15:59
Hey, Hey j24ep, looking good.. : )

Well, I suppose you had already run ComboFix, because what AVG found was Qoobox, which is ComboFix's Quarantine, and the log is clean now...

You will need to un-install ComboFix so it can reset a few things that it changes..

Do it this way:

Click START then RUN
Now copy/paste Combofix /u in runbox and click OK.
Note the space between the X and the U, it needs to be there.




This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


A little tip:
If you are going to use P2P, then Install = > Comodo BOClean protects your computer against trojans, malware and other threats.

I can't lecture you because I do the P2P thing myself. With BoClean, malware will be stopped before it can install and bury up in your registry... It's free and it works : )

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Junior Member
23. May 2009 @ 22:12
I'm away from my computer for the rest of the weekend so I will have to do that after I get back on Monday. Thanx a lot for all your help and for the great new programs I had never heard of! I don't do the P2P stuff, although one time I lost licenses to a dozen or so songs and didn't want to have to buy them again, so I got LimeWire and downloaded them from it. I had an mp3 player that still had the songs but that player would not allow player-to-computer upload... A big pain in the butt. I got a small virus from that and got rid of it quick and uninstalled LimeWire. That's why I don't use those things. Thanks again!
AfterDawn Addict
24. May 2009 @ 01:29
You are welcome...

2oG



Junior Member
26. May 2009 @ 08:32
I don't know what caused this, but no programs show up in Add/Remove Programs anymore... I don't suppose this is a huge deal, cuz you can just get RegSeeker and use that, but if there's a quick solution to that I'd like to get them back... Thanks
AfterDawn Addict
29. May 2009 @ 08:27
It has been several years since I have dealt with the problem of missing add/remove programs.. If I can get my old brain in gear, here is something to check:

Start > run > regedit >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
The add/remove programs are in folders under Uninstall..

If I remember correctly, the problem is with an add/remove program that has a name longer than 64 bytes? Find that one and delete the folder and it should clear the problem?

Let me know...

2oG




This message has been edited since posting. Last time this message was edited on 29. May 2009 @ 08:28

Junior Member
30. May 2009 @ 01:50
Sorry, you went over my head on that one. I went through binary stuff in computer repair, but I'm not sure what you're saying I'm looking for in the Uninstall registry folder. Are you saying it's going to be longer than the 8.3 naming system? (8 letters + 3-letter extension) That's a lot of stuff to go through... I exported a text file listing all files under the Uninstall folder and it was 891 KB. lol ugh, there's an easier way, isn't there? A search function maybe...
AfterDawn Addict
30. May 2009 @ 07:29
j24ep,

Didn't mean to shoot over your head, I was aiming AT you... : )

When you get to the Uninstall folder in regedit just click the little arrow to drop it down.
Under uninstall you will find folders that are named for the programs in add/remove.
If any of these folders has a very long name, probably over 64 characters, and may look like random letters, numbers, etc. ... that is the culprit and you need to delete that folder.


We won't worry about binary, octal, digital or hexadecimal... It's just a folder name : )

If you can't find a folder with an excessively long name, that will eliminate that.. : )

2oG

p.s. I speak fluent octal and hexadecimal but prefer binary because it's so easy for me to type with one hand and count to 31 with the other hand at the same time.. I am also ambidextrous, multi-lingual and glow in the dark... lmao



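The poster asked for a quicker way than reading an 891 KB export by hand. As an added example (not from this thread or from any tool it names), the script below parses a regedit export of the Uninstall key and lists the immediate subkeys whose name exceeds the 64-character figure given above; the threshold, the embedded sample export and its key names are assumptions constructed for the demo.

```python
"""List Add/Remove Programs entries whose Uninstall subkey name is over-long (Windows XP)."""
import re
import sys

UNINSTALL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
MAX_NAME_LEN = 64  # threshold quoted in the post above; lower it if your reference differs

# Constructed sample export (not from this thread). Real regedit exports are UTF-16LE text.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}]
"DisplayName"="Microsoft Office Enterprise 2007"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware]
"DisplayName"="Ad-Aware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware\Sub]
"DisplayName"="nested key, must not be listed as its own entry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qkzxwmvnrtplsdgfhjbyceuioa0123456789qkzxwmvnrtplsdgfhjbyceuioa0123456789]
"DisplayName"="Setup"
"""

def uninstall_entries(reg_text):
    """Map each immediate child key of Uninstall to its DisplayName (None if absent)."""
    prefix = UNINSTALL_KEY.lower() + "\\"
    entries, current, direct = {}, None, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):          # a key header
            rest = line[1:-1]
            if not rest.lower().startswith(prefix):
                current = None                                   # key outside Uninstall
                continue
            rest = rest[len(prefix):]
            current, direct = rest.split("\\", 1)[0], "\\" not in rest
            entries.setdefault(current, None)
            continue
        m = re.match(r'^"DisplayName"="(.*)"$', line)
        if m and current and direct and entries[current] is None:
            entries[current] = m.group(1)                        # only the child's own name
    return entries

def long_named_entries(reg_text, max_len=MAX_NAME_LEN):
    """Return [(key_name, display_name)] for entries whose key name exceeds max_len."""
    return [(k, v) for k, v in uninstall_entries(reg_text).items() if len(k) > max_len]

if __name__ == "__main__":                          # usage: python script.py uninstall.reg
    raw = open(sys.argv[1], "rb").read()            # regedit writes UTF-16LE with a BOM
    text = raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1")
    for name, disp in long_named_entries(text):
        print(f"{len(name)} chars: {name}  (DisplayName: {disp})")
```

Run it against the exported .reg file rather than editing the registry by hand; it only reads the export and prints candidates, so the decision to delete a key stays with you.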
  © 1999-2025 by AfterDawn Ltd.
