HELP!!! VIRUS PREVENTS ME FROM INSTALLING ANTI-VIRUS!

Posted 5/28/2009 2:30 PM, #73909
kamran500, Member
Hey, I've got some viruses on my computer and it's disabled registry editing and Ctrl+Alt+Delete, and I've tried a lot to get rid of it, but every time I try to install an antivirus it just makes an error or says it can't edit the name and rolls back the changes.

Can anyone help me out?
Posted 5/29/2009 3:49 AM, #73918
Touch, Advanced member
Hello kamran500 :smile:

Please download combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running; close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning; do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please post it in your next reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 5/29/2009 9:46 PM, #73946
kamran500, Member
Ok, I tried to start up combofix but no prompts came up; then a blank blue notepad sort of program came up, and then an application error message by ping.exe shows up saying

'the instruction at ''0x5a0030fa'' a referenced memory at ''0x00a6b380'', the memory could not be read''. click ok to terminate program'

After I clicked ok another error message came up saying

'the instruction at ''0x5a0018d6'' a referenced memory at ''0x5a01fe04'', the memory could not be ''written''. click ok to terminate program'

and then I'm left with the blank blue program.
Posted 5/30/2009 4:33 AM, #73963
Posted 6/1/2009 3:25 AM, #73992
Touch, Advanced member
Good grief, what have you done :shocked:

The log is impossible to read.



Posted 6/1/2009 4:22 PM, #73997
kamran500, Member
lol, it just came out like that in the notepad-like thing when I started up the screen saver thing you sent me.
Posted 6/2/2009 10:59 AM, #74012
Touch, Advanced member
I've deleted the log ;-)

Right-click on DDs.scr and rename it to DDs.com.

Post new log, if it is readable.



Posted 7/18/2009 8:05 PM, #75261
kamran500, Member
Sorry for taking so long to reply, I've been very busy.
Posted 7/18/2009 8:06 PM, #75262
kamran500, Member
DDS (Ver_09-05-14.01) - NTFSx86
Run by Kamran 2 at 12:23:19.53 on Sat 07/18/2009
Internet Explorer: 7.0.5730.11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://home.alot.com/?client_id=A49E342001C9CE65005CABC1&install_time=06-05-2009:17:13&src_id=11028&camp_id=162&tb_version=2.4.2.399
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,c:\windows\system32\twext.exe,c:\windows\system32\msupdt.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MSN helper: {10c0b0c0-fc01-473b-8ebb-4376353f96e4} - bekbn.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: MS extension: {7c7efe99-c71f-48b8-8cc8-ba506ca76a33} - magks32.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic professional 7\SMSystemAnalyzer.exe"
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SYS32DLL] SYS32DLL
uRun: [Internet Antivirus Pro] "c:\program files\internet antivirus pro\IAPro.exe" /s
uRun: [SYSDLL] SYSDLL
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 4.0 suite\ulead quick-drop 1.0\Quick-Drop.exe" WINDOWCALL
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [Norton] c:\program files\asus\wlan card utilities\NorExec.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [brastia] brastia.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://www.runaware.com/dolphin/wficat.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141481718203
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================


==================== Find3M ====================

2009-06-03 17:44 17,408 a------- c:\windows\system32\SYSDLL.exe
2009-05-31 20:36 70,144 a------- c:\windows\system32\inform.dat
2009-05-31 20:36 42,496 a------- c:\windows\system32\bekbn.dll
2009-05-29 22:26 388,608 a------- c:\windows\system32\CF12432.exe
2009-05-29 22:10 388,608 a------- c:\windows\system32\CF9294.exe
2009-05-29 22:04 17,408 a------- c:\windows\st_1243640061.exe
2009-05-29 22:04 388,608 a------- c:\windows\system32\CF8271.exe
2009-05-28 15:12 17,408 a------- c:\windows\st_1243534364.exe
2009-05-28 15:04 15,872 a------- c:\windows\st_1243551312.exe
2009-05-28 11:13 17,408 a------- c:\windows\st_1243508593.exe
2009-05-27 13:31 34,304 a------- c:\windows\system32\magks32.dll
2009-05-27 12:47 17,408 a------- c:\windows\st_1243452725.exe
2009-05-27 11:00 124,928 a------- c:\windows\system32\sopidkc.exe
2009-05-27 11:00 158,720 a------- c:\windows\system32\tpsaxyd.exe
2009-05-27 07:14 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-05-26 23:41 17,408 a------- c:\windows\st_1243388353.exe
2009-05-26 22:30 17,408 a------- c:\windows\st_1243403935.exe
2009-05-26 21:37 23,040 a------- c:\windows\system32\file.exe
2009-05-25 17:06 14,848 a---h--- c:\windows\ld08.exe
2009-05-24 15:25 23,552 ----h--- c:\windows\romeo15.exe
2009-05-24 15:25 41,984 ----h--- c:\windows\freddy43.exe
2009-05-20 17:35 13,312 ----h--- c:\windows\pp10.exe
2009-05-19 15:33 5,453 a------- c:\windows\st_1242762082.exe
2009-05-19 15:33 5,461 a------- c:\windows\st_1242743654.exe
2009-05-19 15:23 28,672 a------- c:\program files\common files\file.exe
2009-05-19 15:23 2,270,756 a------- c:\program files\common files\InternetAntivirusPro.exe
2009-05-19 15:20 13,312 ----h--- c:\windows\pp09.exe
2009-05-19 14:35 12,800 ----h--- c:\windows\pp08.exe
2009-05-18 15:03 16,384 a------- c:\windows\st_1242673882.exe
2009-05-18 15:03 16,896 a------- c:\windows\st_1242655454.exe
2009-05-05 15:01 10,752 ----h--- c:\windows\pp06.exe
2009-05-03 12:58 4,812 a------- c:\docume~1\kamran~1\applic~1\wklnhst.dat
2009-04-22 15:33 34,304 a------- c:\windows\system32\fow64.dll
2007-12-07 19:23 92,040 a------- c:\docume~1\kamran~1\applic~1\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-04-05 18:41 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:24:02.21 ===============
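A triage pass over the kind of DDS report posted above, added here as an example and not code from the thread, DDS, ComboFix or Avenger: it surfaces the items the helper's Avenger script later targeted (extra Userinit entries, the DisableTaskMgr/DisableRegistryTools policies, the localhost proxy, Run and BHO entries with no path, hidden or c:\windows-root executables) and the scrfile=NOTEPAD.EXE association that explains why DDS.scr opened as a blank notepad window. The function and category names are my own, and the sample lines are constructed from the posted log.

```python
"""Triage pass over a DDS 'Pseudo HJT Report' and Find3M listing.
Added example for this page, not code from DDS, ComboFix, Avenger or the
thread's author; the sample lines are constructed from the log posted above."""
import re

# Constructed sample: a handful of lines copied from the DDS log above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=localhost:7171
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,c:\windows\system32\twext.exe,c:\windows\system32\msupdt.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MSN helper: {10c0b0c0-fc01-473b-8ebb-4376353f96e4} - bekbn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SYS32DLL] SYS32DLL
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [brastia] brastia.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
scrfile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
2009-05-28 15:12 17,408 a------- c:\windows\st_1243534364.exe
2009-05-25 17:06 14,848 a---h--- c:\windows\ld08.exe
2009-05-24 15:25 23,552 ----h--- c:\windows\romeo15.exe
2009-05-19 15:23 28,672 a------- c:\program files\common files\file.exe
"""

USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.I)
POLICY_RE = re.compile(r"^[umd]?Policies-system:\s*(\w+)\s*=\s*(\d+)", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$", re.I)
RUN_RE = re.compile(r"^[umd]Run:\s*\[([^\]]*)\]\s*(.*)$", re.I)
BHO_RE = re.compile(r"^BHO:.*\{[0-9a-f-]+\}\s*-\s*(.+)$", re.I)
ASSOC_RE = re.compile(r"^(\w+file)\s*=\s*(.+)$", re.I)
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+[\d,]+\s+"
                       r"([a-z-]{8})\s+(.+)$", re.I)

EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
LOCKDOWN_POLICIES = {"disabletaskmgr", "disableregistrytools"}
SCRIPT_ASSOCS = {"scrfile", "regfile", "vbsfile", "vbefile", "jsefile"}
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def in_windows_root(path):
    # True for a file sitting directly in c:\windows, not in a subfolder.
    path = path.strip().strip('"')
    return re.match(r"^[a-z]:\\windows\\[^\\]+$", path, re.I) is not None


def triage(log_text):
    """Return (category, detail) pairs; each one is a lead for a human, not a
    verdict (legit entries such as SOUNDMAN.EXE also run without a path)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USERINIT_RE.match(line)
        if m:  # Winlogon launches every comma-separated entry at logon
            for e in m.group(1).split(","):
                if e.strip() and e.strip().lower() != EXPECTED_USERINIT:
                    findings.append(("userinit_extra", e.strip()))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1).lower() in LOCKDOWN_POLICIES and m.group(2) != "0":
            findings.append(("lockdown_policy", m.group(1)))  # Task Manager / regedit off
            continue
        m = PROXY_RE.match(line)
        if m and re.search(r"localhost|127\.0\.0\.1", m.group(1), re.I):
            findings.append(("local_proxy", m.group(1)))  # local process in the browser's path
            continue
        m = RUN_RE.match(line)
        if m:
            name, target = m.group(1), m.group(2).strip()
            if "\\" not in target:
                findings.append(("run_without_path", name))
            elif in_windows_root(target):
                findings.append(("run_in_windows_root", target))
            continue
        m = BHO_RE.match(line)
        if m:
            target = m.group(1).strip()
            if "\\" not in target and target.lower() != "no file":
                findings.append(("bho_without_path", target))
            continue
        m = ASSOC_RE.match(line)
        if m and m.group(1).lower() in SCRIPT_ASSOCS and "notepad" in m.group(2).lower():
            # scrfile=NOTEPAD.EXE is why DDS.scr opened as a blank notepad window;
            # renaming the tool to .com (as the helper advised) bypasses it.
            findings.append(("assoc_to_notepad", m.group(1).lower()))
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.group(1).lower(), m.group(2).strip()
            if path.lower().endswith(BINARY_EXT):
                if "h" in attrs:
                    findings.append(("hidden_binary", path))
                elif in_windows_root(path):
                    findings.append(("binary_in_windows_root", path))
    return findings
```

Running `triage(SAMPLE_LOG)` on the constructed sample yields fifteen leads, every one of which corresponds to a file or setting the helper's Avenger script went on to remove.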
Posted 7/18/2009 8:06 PM, #75263
kamran500, Member
It says the other file should be attached but I don't know how to attach it.
Posted 7/18/2009 8:31 PM, #75264
kamran500, Member
Should I just copy and paste the stuff that was in the attach file?
Posted 7/19/2009 4:55 AM, #75267
Touch, Advanced member
No need for the attach file now.

Please download http://swandog46.geekstogo.com/avenger2/download.php by Swandog46 to your Desktop.

Click on Avenger.zip to open the file.

Extract avenger2.exe to your desktop.

Start Avenger.

--------------------------------------------------------

Files to delete:
c:\windows\system32\SYSDLL.exe
c:\windows\system32\inform.dat
c:\windows\system32\bekbn.dll
c:\windows\system32\CF12432.exe
c:\windows\system32\CF9294.exe
c:\windows\st_1243640061.exe
c:\windows\system32\CF8271.exe
c:\windows\st_1243534364.exe
c:\windows\st_1243551312.exe
c:\windows\st_1243508593.exe
c:\windows\system32\magks32.dll
c:\windows\st_1243452725.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\dpcxool64.sys
c:\windows\st_1243388353.exe
c:\windows\st_1243403935.exe
c:\windows\system32\file.exe
c:\windows\ld08.exe
c:\windows\romeo15.exe
c:\windows\freddy43.exe
c:\windows\pp10.exe
c:\windows\st_1242762082.exe
c:\windows\st_1242743654.exe
c:\program files\common files\file.exe
c:\program files\common files\InternetAntivirusPro.exe
c:\windows\pp09.exe
c:\windows\pp08.exe
c:\windows\st_1242673882.exe
c:\windows\st_1242655454.exe
c:\windows\pp06.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
c:\windows\system32\msupdt.exe

Folders to delete:
c:\program files\ares
c:\program files\internet antivirus pro

------------------------------------------------------

Copy/Paste all the text in Bold into the main window.

Click Execute.

The Avenger will automatically do the following:

It will restart your computer.

On reboot, it will briefly open a black command window on your desktop; this is normal.

After the restart, it creates a log file that should open with the results of Avenger's actions.

This log file will be located at C:\avenger.txt

Post C:\avenger.txt in next reply.

If you can run combofix now, please do:

Download combofix here ->
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to 321.com to stop malware from disabling it.

Post that log, along with avenger txt.



Posted 7/19/2009 10:10 AM, #75272
kamran500, Member
I tried to start up avenger but it won't let me.
Posted 7/19/2009 10:42 AM, #75273
Touch, Advanced member
Rename it to anger.com and see if it will run.

Otherwise try this:

Download and run combofix here ->
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to 321.com to stop malware from disabling it.



Posted 7/19/2009 11:41 AM, #75274
kamran500, Member
Thanks for all the help, my computer's back to normal and everything works again now.
Posted 4/20/2010 2:28 AM, #85159
Billy111890, Member
2010-03-11 23:25 30720 ----a-w- c:\windows\system32\httpapi.dll <br/>2010-02-20 20:53 . 2010-03-11 23:26 411648 ----a-w- c:\windows\system32\drivers\http.sys <br/>2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr <br/>2010-02-11 17:54 . 2009-05-04 03:06 411368 ----a-w- c:\windows\system32\deploytk.dll <br/>2010-01-23 09:26 . 2010-02-24 20:55 2048 ----a-w- c:\windows\system32\tzres.dll <br/>2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll <br/>2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll <br/>2009-09-05 20:43 . 2009-09-05 20:43 13 --sh--r- c:\windows\System32\drivers\fbd.sys <br/>2009-09-05 20:42 . 2009-09-05 20:42 4 --sh--r- c:\windows\System32\drivers\taishop.sys <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] <br/>"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664] <br/>"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] <br/>"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680] <br/>"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-07 2937528] <br/>"StartServiceSDLSDWWR"="c:\users\Billy Cunningham\AppData\Local\SDLSDWWR\StartService.exe" [2010-04-19 475136] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040] <br/>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136] <br/>"TPwrMain"="c:\program 
files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320] <br/>"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160] <br/>"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376] <br/>"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088] <br/>"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304] <br/>"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472] <br/>"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-25 163840] <br/>"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912] <br/>"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496] <br/>"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384] <br/>"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] <br/>"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616] <br/>"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-10 570736] <br/>"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384] <br/>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] <br/>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] <br/>"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] <br/>"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304] <br/>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672] <br/>"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] <br/>"Adobe 
ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] <br/>"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] <br/>"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400] <br/>"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496] <br/> <br/>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>Logicool SetPoint.lnk - c:\program files\Logicool\SetPoint\SetPoint.exe [2009-9-15 809488] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] <br/>@="Service" <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] <br/>"VistaSp2"=hex(b):df,96,33,c6,2b,30,ca,01 <br/> <br/>S1 aswSP;avast! Self Protection; [x] <br/>S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] <br/>S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328] <br/>S2 camsvc;TOSHIBA Web Camera Service;c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544] <br/>S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] <br/>S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-05 742144] <br/>S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344] <br/>S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776] <br/>S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128] <br/>S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD 
Alert\TosSmartSrv.exe [2009-03-17 73728] <br/>S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-10 656752] <br/>S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-21 12920] <br/>S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] <br/>S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728] <br/>S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 22272] <br/> <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB <br/>mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB <br/>uInternet Settings,ProxyOverride = *.local <br/>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 <br/>FF - ProfilePath - c:\users\Billy Cunningham\AppData\Roaming\Mozilla\Firefox\Profiles\ij8nzvq8.default\ <br/>FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll <br/>FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll <br/>FF - plugin: c:\program files\Picasa2\npPicasa2.dll <br/>FF - plugin: c:\program files\Picasa2\npPicasa3.dll <br/>FF - plugin: c:\users\Billy Cunningham\AppData\Roaming\Mozilla\Firefox\Profiles\ij8nzvq8.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll <br/> <br/>---- FIREFOX POLICIES ---- <br/>FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); <br/>c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); <br/>c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); <br/>c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>HKLM-Run-CyberDefender Registry Cleaner - (no file) <br/> <br/> <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2010-04-19 21:07 <br/>Windows 6.0.6002 Service Pack 2 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/> <br/>Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net <br/> <br/>device: opened successfully <br/>user: MBR read successfully <br/>called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys >>UNKNOWN [0x88D858C8]<< <br/>kernel: MBR read successfully <br/>detected MBR rootkit hooks: <br/>\Driver\Disk -> CLASSPNP.SYS @ 0x89f15d24 <br/>\Driver\ACPI -> acpi.sys @ 0x8069ad68 <br/>\Driver\atapi -> ataport.SYS @ 0x828f49f4 <br/>\Driver\iaStor -> iaStor.sys @ 0x82858352 <br/>IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK <br/> <br/>************************************************************************** <br/>. 
<br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] <br/>@Denied: (A) (Users) <br/>@Denied: (A) (Everyone) <br/>@Allowed: (B 1 2 3 4 5) (S-1-5-20) <br/>"BlindDial"=dword:00000000 <br/>"MSCurrentCountry"=dword:000000b5 <br/>. <br/>Completion time: 2010-04-19 21:10:57 <br/>ComboFix-quarantined-files.txt 2010-04-20 02:10 <br/> <br/>Pre-Run: 225,030,328,320 bytes free <br/>Post-Run: 225,316,483,072 bytes free <br/> <br/>- - End Of File - - 8F7915E4DF8A7DA1A5105A1659580120 <br/> <br/> <br/>Help me? Or have I fixed by running combofix