TheTechGuide Forum
General Category => Tech Clinic => Topic started by: mapexdrummer17 on December 09, 2008, 08:50:04 PM
-
I contracted the YOOG virus using bit-torrents. I got rid of the actual YOOG icon from my firefox search bar by removing firefox, deleting all folders associated with firefox, and then reinstalling. The problem now is that I still get pop ups. I get a new tab often for no reason when I have an open firefox browser, and it is usually a site that was affiliated with YOOG. All google services are slow or not functional at all. Firefox crashes and freezes up half of the time it is opened. I run NOD32, and I've not completed a scan, but at 73%, it finds nothing. I use Vista Manager and I've been deleting all startup entries created by the YOOG stuff and running the registry cleaner several times as well.
These programs will not open or not install when clicked on:
HiJack This
Malwarebytes' Anti-Malware
Google Chrome Browser
Spy Doctor
Others I can't remember right now.
I'm at my wit's end...what do I do?
-
I PM'd you, can you check your messages please
Then we'll tackle your problem here
-
Can you let me know if you can do the following please
I want to see if you can download Combo fix from
the following location, save it ONLY to your desktop if you can
Click Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Don't run it yet, just let me know if you can download it
-
[quote name='guestolo' post='449545' date='Dec 9 2008, 08:19 PM']Can you let me know if you can do the following please
I want to see if you can download Combo fix from
the following location, save it ONLY to your desktop if you can
Click Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Don't run it yet, just let me know if you can download it[/quote]
I was able to download it. I may have deleted something I needed. When I've tried to run some applications I get "Is not a valid Win32 application". I got this for RSIT and ComboFix.
-
Can you right click on ComboFix.exe and rename it to something else
like
mapex.exe
Next do the following
Just in case it will run
Can you ensure you follow these steps
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[/color]
[image: http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: http://img.photobucket.com/albums/v706/ried7/whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
If it won't run let me know please
-
Won't run. The download shows 0 bytes as the size for some reason, and when I double click I get: "Not a valid Win32 app". I'm thinking I maybe deleted something I wasn't supposed to when registry cleaning? I do have a backup file from a couple weeks back...should I use that somehow? Or is it just the virus doing all this?
-
[quote name='mapexdrummer17' post='449556' date='Dec 9 2008, 08:42 PM']Won't run. The download shows 0 bytes as the size for some reason, and when I double click I get: "Not a valid Win32 app". I'm thinking I maybe deleted something I wasn't supposed to when registry cleaning? I do have a backup file from a couple weeks back...should I use that somehow? Or is it just the virus doing all this?[/quote]
I used a clean computer and got the applications...will try to run them now. RSIT and Combofix
-
Ok, so I got combofix to load up for a second, then it stopped. Tried again and it said combo fix has stopped working...same stuff. RSIT I did get to work. Here is the log file from that:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jake at 2008-12-09 20:48:32
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 300 GB (64%) free of 467 GB
Total RAM: 3325 MB (56% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\iqcuhbmp.job
C:\Windows\tasks\User_Feed_Synchronization-{AF8FD390-26F3-48A4-BA1F-9F59837C3793}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326c656a-e58c-4cf9-bc3b-ab63acfb5bb9}]
C:\Windows\system32\sopakowo.dll [2008-09-09 63030]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D}]
C:\Windows\system32\jsdf768wude.dll - C:\Windows\system32\jsdf768wude.dll [2008-12-09 15000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-07-14 2549368]
{BF53502D-3BEF-4273-9925-89D7526A5F87}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]
"VolPanel"=C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [2006-11-27 180224]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-10 29744]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
""= []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-21 144792]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2008-04-09 826880]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
"CPM3fb74c4a"=c:\windows\system32\vivopiye.dll [2008-12-09 93750]
"gozugibaze"=C:\Windows\system32\wimavapa.dll [2008-09-09 63030]
"3c847fd6"=C:\Windows\system32\kusisepa.dll []
"xsjfn83jkemfofght"=C:\Users\Jake\AppData\Local\Temp\winloggn.exe [2008-12-09 15000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-10 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"xsjfn83jkemfofght"=C:\Users\Jake\AppData\Local\Temp\winloggn.exe [2008-12-09 15000]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\vivopiye.dll,C:\Windows\system32\hapoyivu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2006-11-03 94314]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivopiye.dll [2008-12-09 93750]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jsdf768wude.dll [2008-12-09 15000]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivopiye.dll [2008-12-09 93750]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\mlJDuttq
"notification packages"=scecli
C:\Windows\system32\hapoyivu.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\directx\command - DirectX9\dxsetup.exe
======List of files/folders created in the last 1 months======
2008-12-09 20:48:32 ----D---- C:\rsit
2008-12-09 20:47:53 ----A---- C:\Windows\system32\CF30199.exe
2008-12-09 20:47:46 ----A---- C:\Windows\system32\swsc.exe
2008-12-09 20:47:40 ----A---- C:\Bug.txt
2008-12-09 18:08:29 ----A---- C:\Windows\system32\XceedCry.dll
2008-12-09 18:08:29 ----A---- C:\Windows\system32\XceedBkp.dll
2008-12-09 18:08:28 ----A---- C:\Windows\system32\VB6STKIT.DLL
2008-12-09 17:52:11 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2008-12-09 17:10:42 ----SH---- C:\Windows\system32\apesisuk.ini
2008-12-09 16:43:45 ----D---- C:\Users\Jake\AppData\Roaming\AEVITA
2008-12-09 16:43:45 ----D---- C:\Program Files\AEVITA Wipe & Delete
2008-12-09 16:34:48 ----A---- C:\Windows\system32\geBTjHXr.dll
2008-12-09 16:30:25 ----A---- C:\Windows\system32\fccyvSLC.dll
2008-12-09 16:29:44 ----A---- C:\Windows\system32\opnlIyVN.dll
2008-12-09 16:29:44 ----A---- C:\Windows\ndxq3074.exe
2008-12-09 16:29:43 ----A---- C:\Windows\j414.exe
2008-12-09 16:29:41 ----A---- C:\Windows\lik02.exe
2008-12-09 16:29:40 ----A---- C:\Windows\system32\efcAQJyv.dll
2008-12-09 16:29:37 ----A---- C:\Windows\tj85.exe
2008-12-09 16:29:29 ----A---- C:\Windows\eo4.exe
2008-12-09 16:29:28 ----A---- C:\Windows\ee3362.exe
2008-12-09 16:29:04 ----A---- C:\Windows\h288.exe
2008-12-09 16:28:51 ----A---- C:\Windows\nc605007.exe
2008-12-09 16:28:48 ----A---- C:\Windows\system32\jsdf768wude.dll
2008-12-09 16:28:45 ----A---- C:\Windows\tjyvb346054.exe
2008-12-09 16:28:41 ----A---- C:\Windows\nohh06760.exe
2008-12-08 20:35:02 ----D---- C:\ProgramData\HP Product Assistant
2008-12-08 17:57:45 ----D---- C:\Users\Jake\AppData\Roaming\ValuSoft
2008-12-08 17:47:52 ----D---- C:\Program Files\Prison Tycoon 4
2008-12-08 17:32:48 ----D---- C:\Program Files\Singles
2008-12-02 20:00:35 ----RHD---- C:\Users\Jake\AppData\Roaming\SecuROM
2008-12-02 19:50:14 ----D---- C:\Program Files\Bus Driver
2008-12-02 19:47:23 ----D---- C:\Users\Jake\AppData\Roaming\GetRightToGo
2008-11-30 19:57:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-30 16:47:10 ----D---- C:\Program Files\Bus Simulator
2008-11-30 16:05:34 ----D---- C:\Program Files\ATI
2008-11-30 16:04:34 ----D---- C:\ATI
2008-11-30 12:33:36 ----D---- C:\Program Files\18 Wheels of Steel Haulin
2008-11-29 23:49:17 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-29 23:49:17 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-29 23:49:16 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-29 23:49:16 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-29 23:49:12 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-29 23:49:12 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-29 23:49:11 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-29 23:49:10 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-29 23:49:09 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-29 23:49:09 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-29 23:49:07 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-29 23:49:07 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-29 23:49:05 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-29 23:49:04 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-29 23:49:01 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-29 23:49:01 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-29 23:48:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-29 23:48:53 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-29 23:48:52 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-29 23:48:52 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-29 23:48:51 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-29 23:48:50 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-29 23:48:50 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-29 23:48:50 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-29 23:48:50 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-29 23:48:47 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-29 23:48:47 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-29 23:48:46 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-29 23:48:42 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-29 23:48:42 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-29 23:48:39 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-29 23:48:38 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-29 23:48:36 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-29 23:48:36 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-29 23:48:32 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-29 23:48:32 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-29 23:48:32 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-29 23:48:25 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-29 23:48:23 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-29 23:48:22 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-29 23:48:22 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-29 23:48:21 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-29 23:48:20 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-29 23:47:53 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-29 23:47:53 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-29 23:47:53 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-29 23:47:51 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-29 23:47:46 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-29 23:47:42 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-29 23:47:38 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-29 23:47:01 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-29 23:44:00 ----D---- C:\Program Files\Euro Truck Simulator
2008-11-28 23:25:04 ----D---- C:\games
2008-11-23 13:28:34 ----D---- C:\Program Files\iPod
2008-11-23 13:28:33 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 13:28:33 ----D---- C:\Program Files\iTunes
2008-11-23 13:27:07 ----D---- C:\Program Files\QuickTime
2008-11-20 20:41:43 ----D---- C:\Flash Drive
2008-11-20 00:20:42 ----A---- C:\Windows\system32\d3dx9_27.dll
======List of files/folders modified in the last 1 months======
2008-12-09 20:48:33 ----D---- C:\Windows\Prefetch
2008-12-09 20:48:31 ----D---- C:\Windows\Temp
2008-12-09 20:48:00 ----D---- C:\Windows\System32
2008-12-09 20:47:53 ----D---- C:\Windows\system32\en-US
2008-12-09 20:47:46 ----D---- C:\Windows\system32\drivers
2008-12-09 20:34:56 ----SHD---- C:\System Volume Information
2008-12-09 20:10:14 ----D---- C:\Users\Jake\AppData\Roaming\Azureus
2008-12-09 19:26:42 ----D---- C:\Windows\Logs
2008-12-09 19:24:21 ----D---- C:\Windows\inf
2008-12-09 19:24:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-09 19:03:27 ----D---- C:\Program Files\Common Files
2008-12-09 18:58:44 ----D---- C:\dosprog
2008-12-09 18:50:51 ----RD---- C:\Program Files
2008-12-09 18:47:50 ----A---- C:\Windows\WININIT.INI
2008-12-09 18:46:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 18:45:32 ----D---- C:\Windows\system32\WDI
2008-12-09 17:52:20 ----D---- C:\Users\Jake\AppData\Roaming\Mozilla
2008-12-09 17:46:18 ----SD---- C:\Users\Jake\AppData\Roaming\Microsoft
2008-12-09 17:10:41 ----ASH---- C:\Windows\system32\nanehutu.dll
2008-12-09 17:10:39 ----ASH---- C:\Windows\system32\vivopiye.dll
2008-12-09 17:06:48 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 16:54:39 ----HD---- C:\$AVG8.VAULT$
2008-12-09 16:43:53 ----D---- C:\Users\Jake\AppData\Roaming\Google
2008-12-09 16:30:32 ----AD---- C:\Windows
2008-12-09 16:29:41 ----D---- C:\Windows\Tasks
2008-12-09 16:29:41 ----D---- C:\Windows\system32\Tasks
2008-12-09 16:20:00 ----SHD---- C:\Windows\Installer
2008-12-09 16:20:00 ----HD---- C:\Config.Msi
2008-12-09 16:19:58 ----RSD---- C:\Windows\assembly
2008-12-09 16:05:36 ----SD---- C:\ProgramData\Microsoft
2008-12-09 15:46:29 ----RSD---- C:\Windows\Fonts
2008-12-09 15:12:25 ----D---- C:\Program Files\Microsoft Games
2008-12-09 15:05:24 ----D---- C:\Windows\winsxs
2008-12-09 12:17:38 ----D---- C:\Program Files\Sierra
2008-12-09 12:17:37 ----D---- C:\Windows\system32\catroot2
2008-12-08 20:35:02 ----HD---- C:\ProgramData
2008-12-08 17:47:05 ----D---- C:\Users\Jake\AppData\Roaming\Vso
2008-12-07 20:55:42 ----D---- C:\Program Files\DOSBox-0.72
2008-12-02 19:59:38 ----D---- C:\Program Files\ValuSoft
2008-11-30 19:57:18 ----SHD---- C:\$Recycle.Bin
2008-11-30 16:06:58 ----D---- C:\Windows\LastGood
2008-11-30 16:06:41 ----D---- C:\Windows\system32\catroot
2008-11-29 04:27:55 ----D---- C:\Program Files\PowerISO
2008-11-29 04:25:00 ----D---- C:\ProgramData\FLEXnet
2008-11-29 04:11:41 ----D---- C:\ProgramData\Adobe
2008-11-29 04:06:28 ----D---- C:\Program Files\Adobe
2008-11-28 22:47:30 ----D---- C:\Program Files\Vuze
2008-11-25 19:58:36 ----D---- C:\Program Files\John Deere American Farmer Deluxe
2008-11-23 13:28:34 ----D---- C:\Program Files\Common Files\Apple
2008-11-20 20:45:42 ----D---- C:\Users\Jake\AppData\Roaming\U3
2008-11-19 17:04:25 ----D---- C:\Windows\system32\spool
2008-11-19 17:03:03 ----D---- C:\Windows\system32\config
2008-11-19 15:31:43 ----D---- C:\Program Files\Common Files\Adobe
2008-11-16 13:25:58 ----D---- C:\Program Files\Sports Mogul
2008-11-16 13:20:14 ----D---- C:\Sports Mogul
2008-11-13 22:06:49 ----D---- C:\Program Files\Opera
2008-11-13 21:36:30 ----D---- C:\Program Files\Firaxis Games
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2006-10-27 102912]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2006-10-03 12288]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-10-28 4017152]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-01-02 1044984]
R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-02 15872]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2008-10-26 18816]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-07-15 47360]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETMW145;Belkin N1 Wireless Desktop Card Service for Windows XP; C:\Windows\system32\DRIVERS\NETMW145.sys [2006-08-16 553984]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-10-28 4017152]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 astcc;AST Service; C:\Windows\SYSTEM32\astsrv.exe [2008-05-07 57344]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-10-28 712704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-07-10 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 iPAHelper.exe;iPAHelper.exe; C:\Program Files\iPod Access for Windows\iPAHelper.exe [2007-04-05 1543614]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-15 654848]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\Windows\system32\regedt32.exe [2006-11-02 9216]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-10 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
-----------------EOF-----------------
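A triage pass over autorun lines of the kind the RSIT log above contains, as an added example (editor's code, not part of the thread, RSIT or DDS). The sample lines are copied from the logs posted in this thread and mixed with benign entries for contrast; the heuristics (an autorun launched from a Temp directory, a populated AppInit_DLLs value, EnableLUA set to 0, and eight-letter consonant/vowel module names such as vivopiye.dll) are the editor's own assumptions about what merits a second look, not RSIT's or DDS's logic, and they flag entries for review rather than prove infection.

```python
"""Heuristic triage of the autorun lines RSIT and DDS print.

Added example for this thread; not part of RSIT, DDS or the thread itself.
The heuristics are the editor's assumptions and only surface what the posted
logs already show: an autorun in a Temp directory, AppInit_DLLs populated,
UAC switched off, and DLLs whose 8-letter consonant/vowel names look generated.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the RSIT registry dump and the
# DDS "Pseudo HJT Report" posted in the thread, plus benign entries for contrast.
SAMPLE_LOG = r"""
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"CPM3fb74c4a"=c:\windows\system32\vivopiye.dll [2008-12-09 93750]
"gozugibaze"=C:\Windows\system32\wimavapa.dll [2008-09-09 63030]
"xsjfn83jkemfofght"=C:\Users\Jake\AppData\Local\Temp\winloggn.exe [2008-12-09 15000]
"AppInit_DLLS"="c:\windows\system32\vivopiye.dll,C:\Windows\system32\hapoyivu.dll"
"EnableLUA"=0
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [3c847fd6] rundll32.exe "c:\windows\system32\kusisepa.dll",b
uRun: [xsjfn83jkemfofght] c:\users\jake\appdata\local\temp\winloggn.exe
BHO: {326c656a-e58c-4cf9-bc3b-ab63acfb5bb9} - c:\windows\system32\sopakowo.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
"""

VOWELS = frozenset("aeiou")

# A Windows path ending in an executable module; non-greedy so paths that
# contain spaces ("c:\program files\...") are captured whole.
PATH_RE = re.compile(r"[a-zA-Z]:\\.*?\.(?:dll|exe|scr|pif)\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)
UAC_OFF_RE = re.compile(r'EnableLUA"?\s*=\s*0\b')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"="[^"]+"', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def looks_generated(stem: str) -> bool:
    """Heuristic (editor's assumption) for module names like vivopiye, wimavapa,
    kusisepa: exactly eight lowercase letters strictly alternating consonant and
    vowel. Real DLL names rarely have that shape, so it is a triage signal, not proof."""
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [c in VOWELS for c in stem]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(len(stem) - 1))


def triage_line(line: str) -> list[str]:
    """Return the reasons a single RSIT/DDS line deserves a second look."""
    reasons: list[str] = []
    if UAC_OFF_RE.search(line):
        reasons.append("UAC disabled (EnableLUA=0)")
    if APPINIT_RE.match(line):
        reasons.append("AppInit_DLLs populated: listed DLLs load into every user32 process")
    for path in PATH_RE.findall(line):
        if TEMP_RE.search(path):
            reasons.append(f"autorun entry executes from a temp directory: {path}")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_generated(stem):
            reasons.append(f"generated-looking module name: {path}")
    return reasons


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line and collect one Finding per reason."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(Finding(line, reason) for reason in triage_line(line))
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line}")
```

Run as a script it prints each flagged line with its reason. The name heuristic is deliberately narrow: it catches the consonant/vowel names in this log but not mixed-case ones such as mlJDuttq under the Lsa key, which is why the Temp-directory and AppInit_DLLs checks are kept separate rather than relying on file names alone.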
-
It's probably a certain rootkit causing it not to run
Do me a favor, ensure you don't use a USB flash drive or similar to transfer files
Let's try another step, I want to see what you can run on this computer
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
It may be named dds.pif or dds.com, depending on the download; if one won't run, try another download location
- When done, DDS.txt will open.
- Click Yes at the next prompt for Optional Scan.
- Save both reports to your desktop.
1. DDS.txt
2. Attach.txt
Please post those logs if you can get them to run. If you can get it to run but the logs won't open, let me know also please
-
Ok, so I've been going to a clean computer to download these apps because I cannot on mine, but I managed to get this one to work as well. Here are the logs attached.
DDS (Version 1.0) - NTFSx86
Run by Jake at 21:02:58.80 on Tue 12/09/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.1951 [GMT -6:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\Jake\AppData\Local\Temp\winloggn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Jake\Downloads\HJTInstall.exe
C:\Users\Jake\Desktop\mbam-setup.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\ValuSoft\John Deere Drive Green\DriveGreen1.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jake\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080710
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: {326c656a-e58c-4cf9-bc3b-ab63acfb5bb9} - c:\windows\system32\sopakowo.dll
BHO: {D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\jsdf768wude.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [xsjfn83jkemfofght] c:\users\jake\appdata\local\temp\winloggn.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [CPM3fb74c4a] Rundll32.exe "c:\windows\system32\vivopiye.dll",a
mRun: [gozugibaze] Rundll32.exe "c:\windows\system32\wimavapa.dll",s
mRun: [3c847fd6] rundll32.exe "c:\windows\system32\kusisepa.dll",b
mRun: [xsjfn83jkemfofght] c:\users\jake\appdata\local\temp\winloggn.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\vivopiye.dll,c:\windows\system32\hapoyivu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivopiye.dll
STS: {D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\jsdf768wude.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vivopiye.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\windows\system32\hapoyivu.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJDuttq
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2006-10-3 12288]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 ekrn;Eset Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" [2008-2-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2006-11-2 9216]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2007-8-2 15872]
S3 NETMW145;Belkin N1 Wireless Desktop Card Service for Windows XP;c:\windows\system32\drivers\NETMW145.sys [2008-8-27 553984]
=============== Created Last 30 ================
2008-12-09 20:47 318,976 a------- c:\windows\system32\CF30199.exe
2008-12-09 18:08 939,368 a------- c:\windows\system32\Flash.ocx
2008-12-09 18:08 512,688 a------- c:\windows\system32\XceedCry.dll
2008-12-09 18:08 423,784 a------- c:\windows\system32\XceedBkp.dll
2008-12-09 18:08 131,856 a------- c:\windows\system32\MSADODC.ocx
2008-12-09 18:08 389,120 a------- c:\windows\system32\ACTSKN43.OCX
2008-12-09 18:08 188,416 a------- c:\windows\system32\actsplash.ocx
2008-12-09 18:08 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2008-12-09 18:08 89,088 a------- c:\windows\system32\ProgressBar4.ocx
2008-12-09 18:08 11,012 a------- c:\windows\system32\threadapi.tlb
2008-12-09 17:52 <DIR> --d----- c:\program files\Mozilla Firefox 3.1 Beta 2
2008-12-09 17:10 1,491,137 ---sh--- c:\windows\system32\apesisuk.ini
2008-12-09 16:46 921,600 a------- c:\windows\system32\Autodata.v3.18.Multilanguage.(2007).zip
2008-12-09 16:43 <DIR> --d----- c:\users\jake\appdata\roaming\AEVITA
2008-12-09 16:43 <DIR> --d----- c:\program files\AEVITA Wipe & Delete
2008-12-09 16:34 239,616 a------- c:\windows\system32\geBTjHXr.dll
2008-12-09 16:30 39,936 a------- c:\windows\system32\fccyvSLC.dll
2008-12-09 16:29 428,973 a------- c:\windows\ndxq3074.exe
2008-12-09 16:29 39,936 a------- c:\windows\system32\opnlIyVN.dll
2008-12-09 16:29 16,384 a------- c:\windows\j414.exe
2008-12-09 16:29 16,384 a------- c:\windows\lik02.exe
2008-12-09 16:29 65,024 a------- c:\windows\system32\efcAQJyv.dll
2008-12-09 16:29 16,384 a------- c:\windows\tj85.exe
2008-12-09 16:29 905,545 a------- c:\windows\eo4.exe
2008-12-09 16:29 54,255 a------- c:\windows\ee3362.exe
2008-12-09 16:29 1,807,468 a------- c:\windows\h288.exe
2008-12-09 16:28 473,088 a------- c:\windows\nc605007.exe
2008-12-09 16:28 15,000 a------- c:\windows\system32\jsdf768wude.dll
2008-12-09 16:28 84,982 a------- c:\windows\tjyvb346054.exe
2008-12-09 16:28 191,943 a------- c:\windows\nohh06760.exe
2008-12-08 20:35 <DIR> --d----- c:\programdata\HP Product Assistant
2008-12-08 17:57 <DIR> --d----- c:\users\jake\appdata\roaming\ValuSoft
2008-12-08 17:47 <DIR> --d----- c:\program files\Prison Tycoon 4
2008-12-08 17:32 <DIR> --d----- c:\program files\Singles
2008-12-02 19:50 <DIR> --d----- c:\program files\Bus Driver
2008-12-02 19:47 <DIR> --d----- c:\users\jake\appdata\roaming\GetRightToGo
2008-11-30 19:57 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-30 16:47 <DIR> --d----- c:\program files\Bus Simulator
2008-11-30 16:05 <DIR> --d----- c:\program files\ATI
2008-11-30 16:04 <DIR> --d----- C:\ATI
2008-11-30 12:33 <DIR> --d----- c:\program files\18 Wheels of Steel Haulin
2008-11-29 23:52 73,728 a------- c:\windows\system32\ISUSPM.cpl
2008-11-29 23:48 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2008-11-29 23:47 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-11-29 23:44 <DIR> --d----- c:\program files\Euro Truck Simulator
2008-11-28 23:25 <DIR> --d----- C:\games
2008-11-23 13:28 <DIR> --d----- c:\program files\iPod
2008-11-23 13:28 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 13:28 <DIR> --d----- c:\program files\iTunes
2008-11-23 13:28 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-20 20:41 <DIR> --d----- C:\Flash Drive
==================== Find3M ====================
2008-12-09 17:10 63,030 a--sh--- c:\windows\system32\nanehutu.dll
2008-12-09 17:10 93,750 a--sh--- c:\windows\system32\vivopiye.dll
2008-11-30 16:06 143,360 a------- c:\windows\inf\infstrng.dat
2008-11-30 16:06 51,200 a------- c:\windows\inf\infpub.dat
2008-11-30 16:06 86,016 a------- c:\windows\inf\infstor.dat
2008-10-28 21:11 4,017,152 a------- c:\windows\system32\drivers\atikmdag.sys
2008-10-28 20:21 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-10-28 20:20 159,744 a------- c:\windows\system32\atitmmxx.dll
2008-10-28 20:20 331,776 a------- c:\windows\system32\atipdlxx.dll
2008-10-28 20:20 262,144 a------- c:\windows\system32\Oemdspif.dll
2008-10-28 20:19 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-10-28 20:19 274,432 a------- c:\windows\system32\Ati2evxx.dll
2008-10-28 20:18 712,704 a------- c:\windows\system32\Ati2evxx.exe
2008-10-28 20:09 2,243,584 a------- c:\windows\system32\atidxx32.dll
2008-10-28 20:03 3,955,712 a------- c:\windows\system32\atiumdag.dll
2008-10-28 19:47 10,629,120 a------- c:\windows\system32\atioglxx.dll
2008-10-28 19:41 4,730,880 a------- c:\windows\system32\atiumdva.dll
2008-10-28 19:27 50,688 a------- c:\windows\system32\amdpcom32.dll
2008-10-28 19:27 54,272 a------- c:\windows\system32\atiadlxx.dll
2008-10-28 19:10 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2008-10-26 21:11 18,816 a------- c:\windows\system32\drivers\dvd43llh.sys
2008-10-22 16:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-21 20:35 410,976 a------- c:\windows\system32\deploytk.dll
2008-10-21 11:51 118,784 a------- c:\windows\system32\atibrtmon.exe
2008-10-21 10:40 81,920 a------- c:\windows\system32\ATIODE.exe
2008-10-21 10:40 45,056 a------- c:\windows\system32\ATIODCLI.exe
2008-10-06 00:12 0 a------- c:\users\jake\appdata\roaming\wklnhst.dat
2008-09-29 00:07 202,899,670 a------- c:\users\jake\BackupRegistry(20080929).reg
2008-09-28 12:46 284,248 a------- c:\program files\npmusicn.dll
2008-07-22 01:03 233,472 a------- c:\users\jake\appdata\roaming\REX Shared Library.dll
2008-07-22 01:03 225,280 a------- c:\users\jake\appdata\roaming\Rewire.dll
2008-07-15 17:04 604 a---h--- c:\program files\STLL Notifier
2008-07-15 16:25 87,608 a------- c:\users\jake\appdata\roaming\ezpinst.exe
2008-07-15 16:25 47,360 a------- c:\users\jake\appdata\roaming\pcouffin.sys
2008-07-14 16:33 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 20:43 174 a--sh--- c:\program files\desktop.ini
2006-12-31 23:16 61,224 a------- c:\users\jake\GoToAssistDownloadHelper.exe
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-09 17:10 63,030 a--sh--- c:\windows\system32\hapoyivu.dll
2008-07-27 16:44 859,421 a--sh--- c:\windows\system32\qttuDJlm.ini2
2008-09-09 17:10 63,030 a--sh--- c:\windows\system32\wimavapa.dll
============= FINISH: 21:03:43.46 ===============
-
Can you try something for me
I've uploaded a file called ComboFix.zip below
Can you save it to the infected computers desktop
Unzip the contents to your desktop
Double click on ComboFix.com and see if it will run
-
Doesn't work. This one, when opened with WinRAR, says "unexpected end of archive", and then the .com file will not open.
-
Instead of using WinRAR, can you use the built-in extracting utility?
Forgot you are running Vista
-
How do I use the built-in unarchiver? I have no idea how to access it.
-
I've got to get to bed. I should be home at around 4 PM Central Standard Time tomorrow... can we resume then? I greatly appreciate all of your help so far! Thanks! Good night.
Jake
-
Sorry, I don't have access to a Vista machine right now
Let's try something different
OK, I've uploaded a file again, called
Drummer.txt
Save this directly to your desktop
Once saved to your desktop
Ensure that Vista has known file extensions showing:
Start>>Control Panel>>Appearance and Personalization>>Folder Options.
Click the View tab, and then, under Advanced settings,
Clear "Hide extensions for known file types" and click OK
Now download Drummer.txt from below
On the desktop, rename it to Drummer.exe
Don't try and run it yet
Access your Device Manager
Start>>Control Panel>>System and Maintenance>>click on the System link, and then on the left-hand side under the Tasks pane, click on Device Manager
Once in Device Manager
Click on View>>Show Hidden Devices
Expand (+) Non Plug and Play Drivers
Look in the list for something similar to the following
TDSSserv.sys
Do you see it?
Edit>>Forgot to upload the file
In addition, you may have to right click on the attachment and choose Save Link As...
-
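As an added example that is not part of this thread, the script below does from the command line what the Device Manager steps above ask for by hand, and also walks the autostart locations the DDS log reports (the uRun/mRun keys, AppInit_DLLs, the LSA Notification and Authentication Packages, and the Winlogon Notify entries). It assumes PowerShell is installed on the Vista machine and is run as Administrator; it only reads the registry and checks whether each referenced file exists and carries a valid Authenticode signature, so a MISSING or UNSIGNED line is a prompt to look closer, not a verdict.

```powershell
# Added example, not part of the thread. Read-only triage of the autostart
# locations the DDS log above reports; nothing is changed. Run as Administrator.
function Resolve-ImagePath([string]$raw) {
    # Normalise the forms seen in ImagePath / Run values to one absolute file path.
    if (-not $raw) { return $null }
    $p = $raw.Trim() -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '"([^"]+)"') { $p = $Matches[1] }                      # "quoted program" args
    elseif ($p -match '^rundll32(\.exe)?\s+([^,]+)') { $p = $Matches[2] } # rundll32 x.dll,entry
    elseif ($p -match '^(.+?\.(sys|exe|dll))') { $p = $Matches[1] }      # strip trailing switches
    if (-not [IO.Path]::IsPathRooted($p)) {                              # drivers: system32\...; Run: bare name
        $base = if ($p -match '^system32\\') { $env:SystemRoot } else { "$env:SystemRoot\system32" }
        $p = Join-Path $base $p
    }
    return $p
}

function Test-AutostartFile([string]$where, [string]$name, [string]$raw) {
    # One line per entry; a missing file or an unsigned binary deserves a second look.
    $path = Resolve-ImagePath $raw
    if (-not $path) { return }
    if (-not (Test-Path -LiteralPath $path)) { $state = 'MISSING' }
    elseif ((Get-AuthenticodeSignature -FilePath $path).Status -eq 'Valid') { $state = 'signed' }
    else { $state = 'UNSIGNED' }
    '{0,-8} {1,-10} {2,-24} {3}' -f $state, $where, $name, $path
}

function Get-DriverServiceEntry {
    # Kernel-driver services (Type 1); Device Manager's "Non-Plug and Play Drivers"
    # list is drawn from these. Flag the service name the thread is looking for.
    Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($_.PSChildName -like 'TDSS*') { "FLAG     driver service $($_.PSChildName) is present" }
        if ($p.Type -eq 1) { Test-AutostartFile 'driver' $_.PSChildName $p.ImagePath }
    }
}

function Get-AutostartEntry {
    $nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    foreach ($hive in 'HKCU', 'HKLM') {                                  # the log's uRun / mRun lines
        $k = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $k)) { continue }
        foreach ($v in (Get-ItemProperty $k).PSObject.Properties) {
            if ($v.Name -notlike 'PS*') { Test-AutostartFile "$hive-Run" $v.Name $v.Value }
        }
    }
    $ai = (Get-ItemProperty "$nt\Windows").AppInit_DLLs                # loaded into every user32 process
    foreach ($d in ($ai -split '[,\s]+')) { if ($d) { Test-AutostartFile 'AppInit' '-' $d } }
    $lsa = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa   # names without .dll live in system32
    foreach ($v in 'Notification Packages', 'Authentication Packages') {
        foreach ($d in @($lsa.$v)) {
            if ($d) { Test-AutostartFile 'LSA' $v $(if ($d -like '*.dll') { $d } else { "$d.dll" }) }
        }
    }
    Get-ChildItem "$nt\Winlogon\Notify" -ErrorAction SilentlyContinue | ForEach-Object {
        Test-AutostartFile 'Notify' $_.PSChildName (Get-ItemProperty $_.PSPath).DllName
    }
}

Get-DriverServiceEntry
Get-AutostartEntry
```

Compare the output against the BHO, mRun, AppInit_DLLs and LSA lines of the log: entries whose file has been deleted since the log was taken, or that point at unsigned DLLs under system32 with random-looking names, are the ones to report back in the thread.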
I haven't gotten the file on my computer because I can't even get Firefox or IE to run for more than five seconds before Mozilla crashes or IE stops working. I'm on my laptop now. I know you said no flash drives, so I don't have a way to get that file on my computer right now. I did go into Device Manager and I did find TDSSserv.sys though.
-
I just stepped in, on my way out again
In the meantime
You may have ComboFix from earlier, if I remember
Can you go back into Device Manager
Find TDSSserv.sys
Right click on it and Disable it
OK the prompts
Restart the computer
Try running ComboFix again
If you have to re-download it and transfer it to the desktop from the laptop on a flash drive
Do so, but refrain from putting the flash drive back in the laptop till we are sure it's clean
Ahead of time, move any files from the flash drive to the laptop you may need to save
-
[quote name=\'guestolo\' post=\'449725\' date=\'Dec 10 2008, 04:46 PM\']I just stepped in, on my way out again
In the meantime
You may have ComboFix from earlier, if I remember
Can you go back into Device Manager
Find TDSSserv.sys
Right click on it and Disable it
OK the prompts
Restart the computer
Try running ComboFix again
If you have to re-download it and transfer it to the desktop from the laptop on a flash drive
Do so, but refrain from putting the flash drive back in the laptop till we are sure it's clean
Ahead of time, move any files from the flash drive to the laptop you may need to save[/quote]
My only option was to uninstall, which I did. I restarted, but ComboFix would not run.
-
Is that after you transferred ComboFix to the desktop?
Try right clicking on ComboFix and choose to "Run as Administrator"
See if that works
Is your AntiVirus shut down?
-
[quote name=\'guestolo\' post=\'449738\' date=\'Dec 10 2008, 05:51 PM\']Is that after you transferred ComboFix to the desktop?
Try right clicking on ComboFix and choose to "Run as Administrator"
See if that works
Is your AntiVirus shut down?[/quote]
Antivirus is on. When I click on it, it says "ComboFix has stopped working", just the standard non-responding window.
-
But I asked you to shut down your AntiVirus when trying to run ComboFix?
[quote]When I click on it, it says "ComboFix has stopped working", just the standard non-responding window.[/quote]
What do you mean by that?
-
[quote name=\'guestolo\' post=\'449749\' date=\'Dec 10 2008, 06:16 PM\']But I asked you to shut down your AntiVirus when trying to run ComboFix?[/quote]
Sorry about that. Same thing happened when I disabled virus protection.
-
[quote]When I click on it, it says "ComboFix has stopped working", just the standard non-responding window.[/quote]
What do you mean by that? Are you trying to click ComboFix as it's running?
Let me remind you of the first instructions with ComboFix
No need for the recovery console, so I'll eliminate those instructions
Can you ensure you follow these steps:
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
In your case, right click on ComboFix and "Run As Administrator"
Click on Yes, to continue scanning for malware.
I'll add this in also: when ComboFix is running, don't double click on its screen, it may cause it to stall
Did you do that?
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
Now, can I ask, did you download a fresh copy of ComboFix?
-
[quote name=\'guestolo\' post=\'449751\' date=\'Dec 10 2008, 06:24 PM\']What do you mean by that? Are you trying to click ComboFix as it's running?
Let me remind you of the first instructions with ComboFix
No need for the recovery console, so I'll eliminate those instructions
Can you ensure you follow these steps:
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
In your case, right click on ComboFix and "Run As Administrator"
Click on Yes, to continue scanning for malware.
I'll add this in also: when ComboFix is running, don't double click on its screen, it may cause it to stall
Did you do that?
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
Now, can I ask, did you download a fresh copy of ComboFix?[/quote]
When I say stopped running, I mean I clicked on the icon, and immediately I get a Windows popup stating the application has stopped working. This is the same for several other applications, including Google Chrome and Spyware Doctor.
I will try to run ComboFix with a fresh download, as I did not use a fresh download.
-
[quote name=\'mapexdrummer17\' post=\'449768\' date=\'Dec 10 2008, 08:06 PM\']When I say stopped running, I mean I clicked on the icon, and immediately I get a Windows popup stating the application has stopped working. This is the same for several other applications, including Google Chrome and Spyware Doctor.
I will try to run ComboFix with a fresh download, as I did not use a fresh download.[/quote]
Fresh download was the same way. It states "ComboFix has stopped working" before anything happens. Windows then says "a problem caused the program to stop working." Big help, Windows... thanks.
-
Are you able to download with the infected computer?
Try this
Download Avenger.zip and unzip it to the desktop
See if it will run
http://swandog46.geekstogo.com/avenger2/download.php
Try right clicking on Avenger.exe and choose to "Run as Administrator"
If it will run, can you just leave it open for now