How to remove TR/Autorun.a.2

Posted 11/22/2011 1:22 AM
#92839
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
good morning <br/> <br/>I would like to ask someone who can help me remove the viruses in my computer. <br/> <br/>Yesterday the windows system of my computer was corrupted. <br/>I ask someone to repair it. He was able to recover all my files but its all in hidden format. <br/>I used avira 2012. the viruses found was TR/aUTORUN.A.2, TR/Drop.Agent.evmr.1, TR/Crypt.ULPM.Gen, TR/Agent.syp , TR/Crypt.CFI.Gen. <br/> <br/> <br/>Please help me. all my files is very important to me
Posted 11/22/2011 2:43 AM
#92840
User avatar

Advanced member

Hello, <br/> <br/>It is not uncommon for infections to change all sort of settings, including hiding your files. <br/> <br/>You did not tell us your operating system, so I will give you a more general procedure: <br/> <br/>1. Right-click on your task-bar (the Windows bar that has the Start button and opened programs and Windows clock) and select open Task Manager. <br/>2. Go to File > New Task (Run). <br/>3. Type cmd.exe and press Enter on your keyboard. <br/>4. In the black Command Prompt window type: <br/> <br/>C:\> attrib -s -h /s /d *.* <br/> <br/>Repeat the procedure for D,G,H drives (Replace C in the above command), if necessary (if your other drives were affected as well).
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/22/2011 5:01 AM
#92841
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
hi mam andrea. <br/> <br/> <br/>I follow your advice <br/> <br/> <br/> <br/>this is the result <br/> <br/> <br/> <br/>Microsoft Windows XP [Version 5.1.2600] <br/>(C) Copyright 1985-2001 Microsoft Corp. <br/> <br/>C:\Documents and Settings\Administrator>cd c <br/>The system cannot find the path specified. <br/> <br/>C:\Documents and Settings\Administrator>cd c:\ <br/> <br/>C:\>attrib-s-h/s/d *.* <br/>'attrib-s-h' is not recognized as an internal or external command, <br/>operable program or batch file. <br/> <br/>C:\>attrib -s -h /s /d *.* <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper <br/>.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper <br/>Shim.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll <br/> <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX <br/>Access denied - C:\Qoobox\BackEnv <br/>Access denied - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf <br/>Access denied - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVCENTER.EXE-1A970FA0.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVCONFIG.EXE-1ECA67AD.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVGNT.EXE-200FEF40.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-05ED5FD8.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVSCAN.EXE-07FC469C.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVWSC.EXE-0283F9DD.pf <br/>Access denied - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf <br/>Access denied - C:\WINDOWS\Prefetch\CONIME.EXE-13EEEA1A.pf <br/>Access denied - C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf <br/>Access denied - C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf <br/>Access denied - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-26322309.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-384C7AA5.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATESETUP.EXE-02ABC626.pf <br/>Access denied - C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf <br/>Access denied - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf <br/>Access denied - C:\WINDOWS\Prefetch\INVOICING.EXE-0A71B216.pf <br/>Access denied - C:\WINDOWS\Prefetch\Layout.ini <br/>Access denied - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf <br/>Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf <br/>Access denied - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf <br/>Access denied - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf <br/>Access denied - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-26C2C861.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf <br/>Access denied - C:\WINDOWS\Prefetch\SCHED.EXE-030F29E1.pf <br/>Access denied - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf <br/>Access denied - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf <br/>Access denied - C:\WINDOWS\Prefetch\UPDATE.EXE-2577D203.pf <br/>Access denied - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf <br/>Access denied - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf <br/>Access denied - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf <br/>Access denied - C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx <br/>Unable to change attribute - C:\pagefile.sys <br/> <br/>C:\> <br/>C:\> <br/> <br/> <br/> <br/>I run the combofix here is the log: <br/> <br/> <br/> <br/>ComboFix 11-11-21.01 - Administrator 2/2011 Tue 9:34.2.2 - x86 <br/>Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1443 [GMT 8:00] <br/>执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe <br/>. <br/>. <br/>((((((((((((((((((((((((( 2011-10-22 至 2011-11-22 的新的档案 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2011-11-22 02:36 . 2011-11-22 02:36 -------- d--h--w- c:\windows\system32\x64 <br/>2011-11-22 02:36 . 2008-07-01 02:47 920088 ---ha-w- c:\windows\system32\igxpun.exe <br/>2011-11-22 02:36 . 2011-11-22 02:36 -------- dc-h--w- c:\windows\system32\DRVSTORE <br/>2011-11-22 02:36 . 2006-11-10 01:25 319456 ---ha-w- c:\windows\system32\difxapi.dll <br/>2011-11-22 02:35 . 2001-12-28 19:55 24035 ---ha-r- c:\windows\system32\drivers\eaps2kbd.sys <br/>2011-11-22 02:35 . 2001-09-05 03:25 40960 ---ha-r- c:\windows\LoadDll.dll <br/>2011-11-22 02:35 . 2000-03-13 20:16 18841 ---ha-r- c:\windows\system32\FltrCoi.dll <br/>2011-11-22 02:35 . 1999-10-29 20:35 24348 ---ha-r- c:\windows\system32\drivers\EAWDMFD.SYS <br/>2011-11-22 02:35 . 2011-11-22 02:35 -------- d--h--w- c:\windows\system32\RTCOM <br/>2011-11-22 02:35 . 2008-04-14 08:17 25856 ---ha-w- c:\windows\system32\drivers\usbprint.sys <br/>2011-11-22 02:35 . 2008-07-01 03:27 108800 ---ha-w- c:\windows\system32\drivers\Rtenicxp.sys <br/>2011-11-22 02:35 . 2008-07-21 16:14 9728 ---ha-w- c:\windows\system32\RtNicProp32.dll <br/>2011-11-22 00:49 . 2011-11-22 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AskToolbar <br/>2011-11-22 00:29 . 2011-11-22 00:29 -------- d--h--w- c:\documents and settings\Administrator\ChikkaV5 <br/>2011-11-22 00:29 . 2011-11-22 00:29 -------- d-----w- C:\logs <br/>2011-11-22 00:29 . 2011-11-22 00:29 -------- d--h--w- c:\program files\Chikka Messenger <br/>2011-11-22 00:28 . 2011-11-22 00:28 -------- d--h--w- c:\program files\IPMsg <br/>2011-11-21 23:43 . 2011-11-22 00:54 -------- d--h--w- c:\windows\system32\NtmsData <br/>2011-11-21 23:43 . 2011-11-21 23:43 -------- d-sha-w- c:\windows\Repair <br/>2011-11-21 13:04 . 2011-11-21 13:04 -------- d--h--w- c:\program files\Ask.com <br/>2011-11-21 13:04 . 2011-11-22 01:34 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar <br/>2011-11-21 13:03 . 2011-11-22 01:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Avira <br/>2011-11-21 11:54 . 2011-11-21 11:54 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe <br/>2011-11-21 11:46 . 2011-11-21 11:46 4032 ---ha-w- c:\windows\system32\drivers\hostnt.sys <br/>2011-11-21 11:46 . 2011-11-21 11:46 29056 ---ha-w- c:\windows\system32\drivers\gsmhwdm.sys <br/>2011-11-21 11:46 . 2011-11-21 11:46 27696 ---ha-w- c:\windows\system32\drivers\mhdrv.sys <br/>2011-11-21 11:46 . 2011-11-21 11:46 26060 ---ha-w- c:\windows\system32\drivers\rcmhdog.sys <br/>2011-11-21 11:46 . 2011-11-21 11:46 25904 ---ha-w- c:\windows\system32\drivers\rcusbwdm.sys <br/>2011-11-21 11:42 . 2011-11-21 11:42 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl <br/>2011-11-21 11:42 . 2011-11-21 11:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\McAfee <br/>2011-11-21 11:39 . 2011-11-21 11:39 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla <br/>2011-11-21 11:35 . 2011-11-21 11:35 -------- d--h--w- c:\program files\Avira <br/>2011-11-21 11:33 . 2011-11-21 11:40 -------- d-----w- C:\account <br/>2011-11-21 11:32 . 2011-11-21 11:32 -------- d--h--w- c:\program files\Common Files\Adobe <br/>2011-11-21 11:28 . 2009-02-27 16:23 450560 ---ha-w- c:\windows\system32\GDS32.DLL <br/>2011-11-21 11:28 . 2009-02-27 07:34 462848 ---ha-w- c:\windows\system32\Firebird2Control.cpl <br/>2011-11-21 11:28 . 2011-11-21 11:28 -------- d--h--w- c:\program files\Firebird <br/>2011-11-21 11:26 . 2011-11-21 11:26 69632 ---ha-w- c:\windows\system32\MY3L_EX.DLL <br/>2011-11-21 11:26 . 2011-11-21 11:26 53248 ---ha-w- c:\windows\system32\NT_DLL2.DLL <br/>2011-11-21 11:26 . 2011-11-21 11:26 135168 ---ha-w- c:\windows\system32\YutianEx.DLL <br/>2011-11-21 11:26 . 2005-09-05 14:33 413696 ---ha-w- c:\windows\system32\SetUp_Pro.dll <br/>2011-11-21 11:14 . 2006-10-26 11:56 33104 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll <br/>2011-11-21 11:14 . 2006-10-26 11:56 32592 ---ha-w- c:\windows\system32\msonpmon.dll <br/>2011-11-21 11:14 . 2011-11-21 11:14 -------- d--h--w- c:\program files\Microsoft Works <br/>2011-11-21 11:14 . 2011-11-21 11:14 -------- d--h--w- c:\program files\MSBuild <br/>2011-11-21 11:12 . 2011-11-21 11:14 -------- d--h--w- c:\windows\SHELLNEW <br/>2011-11-21 11:12 . 2011-11-21 11:12 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help <br/>2011-11-21 11:12 . 2011-11-21 11:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\Microsoft Help <br/>2011-11-21 11:12 . 2011-11-21 11:12 -------- d-----r- C:\MSOCache <br/>2011-11-21 11:11 . 2008-04-13 16:15 26368 -c-ha-w- c:\windows\system32\dllcache\usbstor.sys <br/>2011-11-21 10:39 . 2011-11-21 10:39 -------- d--h--w- c:\documents and settings\Administrator\Bluebirds <br/>2011-11-21 10:39 . 2011-11-21 10:39 -------- d--h--w- c:\windows\system32\Lang <br/>2011-11-21 10:38 . 2011-11-21 10:38 -------- d--h--w- c:\windows\system32\oobe <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*注意* 空白与合法缺省登录将不会被显示 <br/>REGEDIT4 <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] <br/>2011-09-08 06:55 1515688 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-09-08 1515688] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] <br/>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-09-08 1515688] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"bluebirds"="c:\documents and settings\Administrator\Bluebirds\BlueBirds.exe" [2009-04-29 270336] <br/>"ChikkaV5"="c:\program files\Chikka Messenger\Chikka v.5\ChikkaLauncher.exe" [2010-09-27 40960] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] <br/>"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848] <br/>"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672] <br/>"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488] <br/>. <br/>c:\documents and settings\Administrator\Start Menu\Programs\Startup\ <br/>IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-11-22 210432] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center] <br/>"AntiVirusOverride"=dword:00000001 <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= <br/>"c:\\Program Files\\IPMsg\\ipmsg.exe"= <br/>. <br/>R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [8/30/2008 12:31 PM 27648] <br/>R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [8/30/2008 12:31 PM 7680] <br/>R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [8/30/2008 12:32 PM 27648] <br/>R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [8/30/2008 12:32 PM 33408] <br/>R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/30/2008 12:31 PM 45056] <br/>R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [11/21/2011 7:28 PM 81920] <br/>R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [11/21/2011 7:46 PM 4032] <br/>R2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [11/21/2011 7:46 PM 27696] <br/>R2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [11/21/2011 7:46 PM 26060] <br/>R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [11/21/2011 7:28 PM 2732032] <br/>R4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?] <br/>S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [8/30/2008 12:31 PM 9809] <br/>. <br/>--- Other Services/Drivers In Memory --- <br/>. <br/>*NewlyCreated* - HTTPFILTER <br/>*NewlyCreated* - NTMSSVC <br/>*NewlyCreated* - SWPRV <br/>*NewlyCreated* - VSS <br/>*Deregistered* - avipbb <br/>*Deregistered* - ssmdrv <br/>. <br/> ‘计划任务’ 文件夹 里的内容 <br/>. <br/>2011-11-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job <br/>- c:\program files\Ask.com\UpdateTask.exe [2011-09-08 06:55] <br/>. <br/>. <br/>------- 而外的扫描 ------- <br/>. <br/>uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp <br/>uInternet Connection Wizard,ShellNext = hxxp://www.firebirdsql.org//afterinstall <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>TCP: DhcpNameServer = 124.106.5.2 124.106.6.2 <br/>FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\obpr90mx.default\ <br/>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} <br/>FF - Ext: Avira SearchFree Toolbar plus Web Protection: [url=toolbar@ask.com]toolbar@ask.com[/url] - %profile%\extensions\toolbar@ask.com <br/>. <br/>. <br/>************************************************************************** <br/>. <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2011-11-22 09:35 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/>. <br/>扫描被隐藏的进程 。。。 <br/>. <br/>扫描被隐藏的启动组 。。。 <br/>. <br/>扫描被隐藏的文件 。。。 <br/>. <br/>扫描完成 <br/>被隐藏的档案: 0 <br/>. <br/>************************************************************************** <br/>. <br/>--------------------- 运行进程下的动态链接库 --------------------- <br/>. <br/>- - - - - - - > 'lsass.exe'(768) <br/>c:\program files\Avira\AntiVir Desktop\avsda.dll <br/>. <br/>完成时间: 2011-11-22 09:36:25 <br/>ComboFix-quarantined-files.txt 2011-11-22 01:36 <br/>ComboFix2.txt 2011-11-22 01:26 <br/>. <br/>Pre-Run: 126,831,697,920 bytes free <br/>Post-Run: 126,814,416,896 bytes free <br/>. <br/>- - End Of File - - 9708CDC16C41FF2B46CA58B339D99374 <br/> <br/> <br/>I hope you can help me restore my file in its original format
Posted 11/24/2011 1:11 AM
#92855
User avatar

Advanced member

The only thing I can see that is out of place on your computer is the Ask Toolbar. <br/>Run the AutoClean's Ask toolbar removal tool, which I have attached to my message. <br/> <br/>Also, run the showhidden bat I have attached. <br/> <br/>After this, reboot your computer and let us know what happens.
Post attachments:
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/25/2011 2:59 AM
#92863
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
mam andrea <br/>why every time I opened my computer the error will appear again . "windows -delayed write faile" failed to save all the components for the the file\\system 32\\0003efb the files corrupted or unreadable this error may caused by abs hardware problem. <br/> <br/> <br/> <br/>and my computer went black and all my files were hidden again. To recover them I run the combofix.exe and follow ur instruction attrib -s -h /s /d *.* <br/> <br/> <br/> <br/>and then I will run the avira 2012 the trojan viruses found . <br/> <br/>everyday I have to do this process. <br/> <br/> <br/> <br/>can you please help me to remove this viruses. <br/> <br/>thanx
Posted 11/25/2011 3:19 AM
#92864
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
mam andrea here is the latest log: <br/> <br/> <br/>Microsoft Windows XP [Version 5.1.2600] <br/>(C) Copyright 1985-2001 Microsoft Corp. <br/> <br/>C:\Documents and Settings\Administrator>c: <br/> <br/>C:\Documents and Settings\Administrator>c:\ <br/>'c:\' is not recognized as an internal or external command, <br/>operable program or batch file. <br/> <br/>C:\Documents and Settings\Administrator>cd c:\ <br/> <br/>C:\>attrib -s -h /s /d *.* <br/>Access denied - C:\Documents and Settings\Administrator\Recent <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V <br/>Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper <br/>.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper <br/>Shim.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll <br/> <br/>Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX <br/>Access denied - C:\Qoobox\BackEnv <br/>Access denied - C:\WINDOWS\Prefetch\ACCOUNT.EXE-11EB9945.pf <br/>Access denied - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-242CE4AA.pf <br/>Access denied - C:\WINDOWS\Prefetch\AGENT.EXE-10B4BAEA.pf <br/>Access denied - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf <br/>Access denied - C:\WINDOWS\Prefetch\ASKPARTNERCOBRANDINGTOOL.EXE-2476779B.pf <br/>Access denied - C:\WINDOWS\Prefetch\ASPELL.EXE-2320D1FB.pf <br/>Access denied - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf <br/>Access denied - C:\WINDOWS\Prefetch\AU_.EXE-05904C56.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVCENTER.EXE-1A970FA0.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVCONFIG.EXE-1ECA67AD.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-05ED5FD8.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVSCAN.EXE-07FC469C.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVSHADOW.EXE-0F67375E.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVWEBGRD.EXE-03786D52.pf <br/>Access denied - C:\WINDOWS\Prefetch\AVWSC.EXE-0283F9DD.pf <br/>Access denied - C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf <br/>Access denied - C:\WINDOWS\Prefetch\CHIKKALAUNCHER.EXE-32AB4B6C.pf <br/>Access denied - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf <br/>Access denied - C:\WINDOWS\Prefetch\CNET2_CTM_V5_SETUP_EXE.EXE-1E5C5A7C.pf <br/>Access denied - C:\WINDOWS\Prefetch\COMBOFIX.EXE-3A3A8115.pf <br/>Access denied - C:\WINDOWS\Prefetch\CONIME.EXE-13EEEA1A.pf <br/>Access denied - C:\WINDOWS\Prefetch\CORELDRW.EXE-005E337E.pf <br/>Access denied - C:\WINDOWS\Prefetch\CORELPP.EXE-07D31502.pf <br/>Access denied - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf <br/>Access denied - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf <br/>Access denied - C:\WINDOWS\Prefetch\CTM_V5_SETUP.EXE-3A9AADCF.pf <br/>Access denied - C:\WINDOWS\Prefetch\DELIVERY.EXE-10265B56.pf <br/>Access denied - C:\WINDOWS\Prefetch\DIGSBY-APP.EXE-1BD802E9.pf <br/>Access denied - C:\WINDOWS\Prefetch\DIGSBY.EXE-2DEEEA8A.pf <br/>Access denied - C:\WINDOWS\Prefetch\DLLHOST.EXE-39029BA9.pf <br/>Access denied - C:\WINDOWS\Prefetch\DLLHOST.EXE-5353C76C.pf <br/>Access denied - C:\WINDOWS\Prefetch\EXCEL.EXE-34CB65E9.pf <br/>Access denied - C:\WINDOWS\Prefetch\FACT.EXE-19B17E1A.pf <br/>Access denied - C:\WINDOWS\Prefetch\FBSERVER.EXE-2E404650.pf <br/>Access denied - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf <br/>Access denied - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-26322309.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLETOOLBARMANAGER_DC5D2AFB-06B7570B.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf <br/>Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATEONDEMAND.EXE-01935369.pf <br/>Access denied - C:\WINDOWS\Prefetch\GREP.3XE-0FD7DFD4.pf <br/>Access denied - C:\WINDOWS\Prefetch\GSAR.3XE-1971B17C.pf <br/>Access denied - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf <br/>Access denied - C:\WINDOWS\Prefetch\HIDEC.3XE-111262DC.pf <br/>Access denied - C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf <br/>Access denied - C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-12BBAE74.pf <br/>Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf <br/>Access denied - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf <br/>Access denied - C:\WINDOWS\Prefetch\INVOICING.EXE-0A71B216.pf <br/>Access denied - C:\WINDOWS\Prefetch\IPMGUI.EXE-1C3915CE.pf <br/>Access denied - C:\WINDOWS\Prefetch\IPMSG.EXE-26141277.pf <br/>Access denied - C:\WINDOWS\Prefetch\Layout.ini <br/>Access denied - C:\WINDOWS\Prefetch\MSDTC.EXE-0E6E4AF7.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI45.TMP-0E98C5F8.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI47.TMP-3500408D.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI48.TMP-19FE9D25.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI49.TMP-1FCCF11B.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI4A.TMP-35004CAD.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI4B.TMP-04CB4193.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI4C.TMP-0E98D218.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI4F.TMP-15FF6CB6.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI5B.TMP-10B41F49.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI5C.TMP-02AFF462.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI73.TMP-2FAEE582.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI75.TMP-09476AED.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI76.TMP-30842353.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI77.TMP-1E7ABA5F.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI78.TMP-1B50D3E1.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI79.TMP-33AE09D1.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI7A.TMP-004F2459.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSI7B.TMP-1314EF52.pf <br/>Access denied - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf <br/>Access denied - C:\WINDOWS\Prefetch\NEW3FB.TMP.EXE-02E39414.pf <br/>Access denied - C:\WINDOWS\Prefetch\NIRCMD.3XE-117BB35D.pf <br/>Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\NS6.TMP-153A5A21.pf <br/>Access denied - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf <br/>Access denied - C:\WINDOWS\Prefetch\PEV.3XE-358EBDB6.pf <br/>Access denied - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf <br/>Access denied - C:\WINDOWS\Prefetch\PRECACHE.EXE-0AB3F201.pf <br/>Access denied - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf <br/>Access denied - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RSMSINK.EXE-032F2BAB.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-14E41E50.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-15144D4A.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-15B8A6F0.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-19C2AA6F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A483723.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-24B17D44.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-319AA02C.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-36695641.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3721CDE2.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3CF0A7AE.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-40E591AE.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44756CE7.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-49AED242.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4BA2B636.pf <br/>Access denied - C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf <br/>Access denied - C:\WINDOWS\Prefetch\SAUPDATE.EXE-01D42FCF.pf <br/>Access denied - C:\WINDOWS\Prefetch\SED.3XE-370DAEC3.pf <br/>Access denied - C:\WINDOWS\Prefetch\SETUP.EXE-0155F10D.pf <br/>Access denied - C:\WINDOWS\Prefetch\SETUP.EXE-11946E0E.pf <br/>Access denied - C:\WINDOWS\Prefetch\SETUP.EXE-2ABC6928.pf <br/>Access denied - C:\WINDOWS\Prefetch\SKYPE.EXE-30AE1A60.pf <br/>Access denied - C:\WINDOWS\Prefetch\SKYPESETUP.EXE-1FE206A3.pf <br/>Access denied - C:\WINDOWS\Prefetch\SKYPESETUPFULL.EXE-2CCEC28D.pf <br/>Access denied - C:\WINDOWS\Prefetch\SSMYST.SCR-1CCCF0DC.pf <br/>Access denied - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWREG.3XE-20CC4D60.pf <br/>Access denied - C:\WINDOWS\Prefetch\SWXCACLS.3XE-392ED218.pf <br/>Access denied - C:\WINDOWS\Prefetch\TASKSCHEDULER.EXE-1D575949.pf <br/>Access denied - C:\WINDOWS\Prefetch\UNINSTALL.EXE-295CFE08.pf <br/>Access denied - C:\WINDOWS\Prefetch\UPDATE.EXE-2577D203.pf <br/>Access denied - C:\WINDOWS\Prefetch\UPDATETASK.EXE-154F922C.pf <br/>Access denied - C:\WINDOWS\Prefetch\UPDRGUI.EXE-027FAE5A.pf <br/>Access denied - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf <br/>Access denied - C:\WINDOWS\Prefetch\VSSVC.EXE-0F74375A.pf <br/>Access denied - C:\WINDOWS\Prefetch\WINWORD.EXE-07381162.pf <br/>Access denied - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf <br/>Access denied - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf <br/>Access denied - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf <br/>Access denied - C:\WINDOWS\Prefetch\YT KEY DRIVER.EXE-0894418D.pf <br/>Access denied - C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx <br/>Unable to change attribute - C:\pagefile.sys <br/> <br/>C:\> <br/> <br/> <br/> <br/>combo fix log: <br/> <br/> <br/> <br/>ComboFix 11-11-24.01 - Administrator 5/2011 Fri 11:09:41.7.2 - x86 <br/>Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1326 [GMT 8:00] <br/>执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe <br/>AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} <br/>. <br/>. <br/>((((((((((((((((((((((((( 2011-10-25 至 2011-11-25 的新的档案 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2011-11-24 09:18 . 2011-11-25 02:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype <br/>2011-11-24 09:18 . 2011-11-24 09:18 -------- d-----r- c:\program files\Skype <br/>2011-11-24 09:18 . 2011-11-24 09:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\Skype <br/>2011-11-23 06:23 . 2011-11-23 06:23 -------- d-----w- c:\documents and settings\Administrator\ChikkaV5 <br/>2011-11-23 06:10 . 2011-11-23 06:13 -------- d-----w- C:\UniScan <br/>2011-11-23 06:10 . 2008-04-13 16:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys <br/>2011-11-23 06:10 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys <br/>2011-11-23 06:07 . 2011-11-23 06:07 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS <br/>2011-11-23 06:07 . 2011-11-23 06:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web 上载文件夹 <br/>2011-11-23 06:06 . 2011-11-23 06:06 -------- d--h--w- c:\program files\Common Files\Hewlett-Packard <br/>2011-11-23 06:06 . 2011-11-23 06:07 -------- d-----w- c:\program files\Hewlett-Packard <br/>2011-11-22 06:29 . 2011-11-22 06:29 -------- d-----w- c:\program files\calicomtech <br/>2011-11-22 06:28 . 2011-11-22 06:28 -------- d-----w- c:\windows\Downloaded Installations <br/>2011-11-22 06:27 . 2011-11-22 07:41 9216 ----a-w- c:\windows\system32\IOCTLVDD.DLL <br/>2011-11-22 05:24 . 2011-11-22 05:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel <br/>2011-11-22 05:10 . 2011-11-22 05:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira <br/>2011-11-22 05:10 . 2011-09-18 00:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys <br/>2011-11-22 05:10 . 2011-09-15 15:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys <br/>2011-11-22 05:10 . 2011-11-22 05:10 -------- d-----w- c:\program files\Avira <br/>2011-11-22 05:09 . 2011-11-22 05:09 -------- d-----w- c:\windows\system32\LogFiles <br/>2011-11-22 04:52 . 2011-11-22 04:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes <br/>2011-11-22 04:52 . 2011-11-22 04:52 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes <br/>2011-11-22 04:52 . 2011-11-22 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2011-11-22 04:52 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2011-11-22 04:44 . 2011-11-22 04:44 -------- d-----w- c:\program files\InstallShield Installation Information <br/>2011-11-22 04:44 . 2011-11-22 04:44 -------- d--h--w- c:\program files\Common Files\Corel <br/>2011-11-22 04:43 . 2011-11-22 04:43 -------- d-----w- c:\program files\Corel <br/>2011-11-22 04:42 . 2011-11-22 04:44 -------- d--h--w- c:\program files\Common Files\InstallShield <br/>2011-11-22 04:34 . 2011-11-25 02:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Digsby <br/>2011-11-22 04:34 . 2011-11-22 10:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Digsby <br/>2011-11-22 04:34 . 2011-11-22 10:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Digsby <br/>2011-11-22 04:32 . 2011-11-22 04:32 -------- d-----w- c:\program files\Digsby <br/>2011-11-22 04:18 . 2011-09-15 15:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys <br/>2011-11-22 03:29 . 2011-11-22 03:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp <br/>2011-11-22 02:42 . 2011-11-22 02:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache <br/>2011-11-22 02:41 . 2011-11-22 02:41 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE <br/>2011-11-22 02:40 . 2011-11-22 02:40 -------- d--h--w- c:\documents and settings\NetworkService\IETldCache <br/>2011-11-22 02:39 . 2011-11-22 02:39 -------- d-----w- c:\documents and settings\Administrator\IETldCache <br/>2011-11-22 02:37 . 2009-01-07 10:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe <br/>2011-11-22 02:36 . 2011-11-22 02:37 -------- dc----w- c:\windows\ie8 <br/>2011-11-22 02:36 . 2011-11-22 02:36 -------- d-----w- c:\windows\system32\x64 <br/>2011-11-22 02:36 . 2008-07-01 02:47 920088 ----a-w- c:\windows\system32\igxpun.exe <br/>2011-11-22 02:36 . 2011-11-22 02:36 -------- dc----w- c:\windows\system32\DRVSTORE <br/>2011-11-22 02:36 . 2006-11-10 01:25 319456 ----a-w- c:\windows\system32\difxapi.dll <br/>2011-11-22 02:36 . 2011-11-22 02:37 -------- d-----w- c:\windows\msdownld.tmp <br/>2011-11-22 02:35 . 2001-12-28 19:55 24035 ----a-r- c:\windows\system32\drivers\eaps2kbd.sys <br/>2011-11-22 02:35 . 2001-09-05 03:25 40960 ----a-r- c:\windows\LoadDll.dll <br/>2011-11-22 02:35 . 2000-03-13 20:16 18841 ----a-r- c:\windows\system32\FltrCoi.dll <br/>2011-11-22 02:35 . 1999-10-29 20:35 24348 ----a-r- c:\windows\system32\drivers\EAWDMFD.SYS <br/>2011-11-22 02:35 . 2011-11-22 02:35 -------- d-----w- c:\windows\system32\RTCOM <br/>2011-11-22 02:35 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys <br/>2011-11-22 02:35 . 2008-07-01 03:27 108800 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys <br/>2011-11-22 02:35 . 2008-07-21 16:14 9728 ----a-w- c:\windows\system32\RtNicProp32.dll <br/>2011-11-22 02:30 . 2011-11-22 02:30 -------- d-----w- c:\documents and settings\Administrator\UserData <br/>2011-11-22 02:29 . 2011-11-22 02:29 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Google <br/>2011-11-22 02:24 . 2011-11-22 03:31 -------- d--h--w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google <br/>2011-11-22 02:24 . 2011-11-22 02:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google <br/>2011-11-22 02:24 . 2011-11-22 02:24 -------- d-----w- c:\program files\Google <br/>2011-11-22 02:02 . 2011-11-22 02:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc <br/>2011-11-22 02:01 . 2011-11-22 02:01 -------- d-----w- c:\program files\Easy Media Player <br/>2011-11-22 01:52 . 2011-11-22 01:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\SweetIM <br/>2011-11-22 01:52 . 2011-11-22 01:52 -------- d-----w- c:\program files\SweetIM <br/>2011-11-22 00:49 . 2011-11-22 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AskToolbar <br/>2011-11-22 00:29 . 2011-11-22 00:29 -------- d-----w- C:\logs <br/>2011-11-22 00:29 . 2011-11-23 06:23 -------- d-----w- c:\program files\Chikka Messenger <br/>2011-11-22 00:28 . 2011-11-22 00:28 -------- d-----w- c:\program files\IPMsg <br/>2011-11-21 23:43 . 2011-11-25 01:48 -------- d-----w- c:\windows\system32\NtmsData <br/>2011-11-21 23:43 . 2011-11-21 23:43 -------- d---a-w- c:\windows\Repair <br/>2011-11-21 13:04 . 2011-11-24 03:04 -------- d-----w- c:\program files\Ask.com <br/>2011-11-21 13:04 . 2011-11-25 03:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar <br/>2011-11-21 13:03 . 2011-11-22 05:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Avira <br/>2011-11-21 11:54 . 2011-11-23 01:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe <br/>2011-11-21 11:46 . 2011-11-22 07:41 4032 ----a-w- c:\windows\system32\drivers\hostnt.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 29056 ----a-w- c:\windows\system32\drivers\gsmhwdm.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 27696 ----a-w- c:\windows\system32\drivers\mhdrv.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 26060 ----a-w- c:\windows\system32\drivers\rcmhdog.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 25904 ----a-w- c:\windows\system32\drivers\rcusbwdm.sys <br/>2011-11-21 11:42 . 2011-11-21 11:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl <br/>2011-11-21 11:42 . 2011-11-21 11:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\McAfee <br/>2011-11-21 11:39 . 2011-11-21 11:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla <br/>2011-11-21 11:33 . 2011-11-21 11:40 -------- d-----w- C:\account <br/>2011-11-21 11:32 . 2011-11-21 11:32 -------- d--h--w- c:\program files\Common Files\Adobe <br/>2011-11-21 11:28 . 2009-02-27 16:23 450560 ----a-w- c:\windows\system32\GDS32.DLL <br/>2011-11-21 11:28 . 2009-02-27 07:34 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl <br/>2011-11-21 11:28 . 2011-11-21 11:28 -------- d-----w- c:\program files\Firebird <br/>2011-11-21 11:26 . 2011-11-21 11:26 69632 ----a-w- c:\windows\system32\MY3L_EX.DLL <br/>2011-11-21 11:26 . 2011-11-21 11:26 53248 ----a-w- c:\windows\system32\NT_DLL2.DLL <br/>2011-11-21 11:26 . 2011-11-21 11:26 135168 ----a-w- c:\windows\system32\YutianEx.DLL <br/>2011-11-21 11:26 . 2005-09-05 14:33 413696 ----a-w- c:\windows\system32\SetUp_Pro.dll <br/>2011-11-21 11:14 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll <br/>2011-11-21 11:14 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll <br/>2011-11-21 11:14 . 2011-11-21 11:14 -------- d-----w- c:\program files\Microsoft Works <br/>2011-11-21 11:14 . 2011-11-21 11:14 -------- d-----w- c:\program files\MSBuild <br/>2011-11-21 11:12 . 2011-11-21 11:14 -------- d-----w- c:\windows\SHELLNEW <br/>2011-11-21 11:12 . 2011-11-21 11:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help <br/>2011-11-21 11:12 . 2011-11-21 11:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\Microsoft Help <br/>2011-11-21 11:12 . 2011-11-21 11:12 -------- d-----r- C:\MSOCache <br/>2011-11-21 11:11 . 2008-04-13 16:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys <br/>2011-11-21 10:39 . 2011-11-21 10:39 -------- d-----w- c:\documents and settings\Administrator\Bluebirds <br/>2011-11-21 10:39 . 2011-11-21 10:39 -------- d-----w- c:\windows\system32\Lang <br/>2011-11-21 10:38 . 2011-11-21 10:38 -------- d-----w- c:\windows\system32\oobe <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>. <br/>((((((((((((((((((((((((((((( SnapShot_2011-11-23_01.49.28 ))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>+ 2011-11-23 06:07 . 2011-11-23 06:10 45056 c:\windows\Installer\{6F7ECD56-E224-4263-9B7E-158E5CECC43B}\_486AD40031E5_4A05_BAE5_67FC693FE0EF.exe <br/>+ 2011-11-23 06:07 . 2011-11-23 06:07 4150 c:\windows\Installer\{B376402D-58EA-45EA-BD50-DD924EB67A70}\hpmd.exe <br/>+ 2003-04-16 11:31 . 2003-04-16 11:31 258048 c:\windows\system32\hpsjvset.dll <br/>+ 2003-04-15 16:31 . 2003-04-15 16:31 274432 c:\windows\system32\hpgwiamd.dll <br/>+ 2003-04-15 16:33 . 2003-04-15 16:33 401408 c:\windows\system32\hpgt2436.dll <br/>+ 2011-11-24 09:18 . 2011-11-24 09:18 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe <br/>- 2011-11-21 13:04 . 2011-11-21 13:04 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe <br/>+ 2011-11-21 13:04 . 2011-11-24 03:04 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe <br/>+ 2011-11-24 03:04 . 2011-11-24 03:04 2144768 c:\windows\Installer\9d962b.msi <br/>+ 2011-11-24 09:18 . 2011-11-24 09:18 1252864 c:\windows\Installer\1f48519.msi <br/>+ 2011-11-24 09:18 . 2011-11-24 09:18 1527808 c:\windows\Installer\1f48513.msi <br/>+ 2011-11-23 06:07 . 2011-11-23 06:07 4006400 c:\windows\Installer\111b3ea.msi <br/>+ 2011-11-23 06:07 . 2011-11-23 06:07 2932224 c:\windows\Installer\111b3e3.msi <br/>. <br/>((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*注意* 空白与合法缺省登录将不会被显示 <br/>REGEDIT4 <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] <br/>2011-11-20 18:18 1515688 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] <br/>2011-08-24 10:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-20 1515688] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] <br/>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-20 1515688] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"bluebirds"="c:\documents and settings\Administrator\Bluebirds\BlueBirds.exe" [2009-04-29 270336] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-22 39408] <br/>"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] <br/>"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848] <br/>"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672] <br/>"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488] <br/>"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] <br/>"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512] <br/>"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] <br/>. <br/>c:\documents and settings\Administrator\Start Menu\Programs\Startup\ <br/>Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] <br/>IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-11-22 210432] <br/>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center] <br/>"AntiVirusOverride"=dword:00000001 <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= <br/>"c:\\Program Files\\IPMsg\\ipmsg.exe"= <br/>"c:\\Program Files\\Skype\\Phone\\Skype.exe"= <br/>. <br/>R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [8/30/2008 12:31 PM 27648] <br/>R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [8/30/2008 12:31 PM 7680] <br/>R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [8/30/2008 12:32 PM 27648] <br/>R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [8/30/2008 12:32 PM 33408] <br/>R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/30/2008 12:31 PM 45056] <br/>R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/22/2011 12:18 PM 36000] <br/>R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/22/2011 1:10 PM 86224] <br/>R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/22/2011 1:10 PM 463824] <br/>R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [11/21/2011 7:28 PM 81920] <br/>R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [11/21/2011 7:46 PM 4032] <br/>R2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [11/21/2011 7:46 PM 27696] <br/>R2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [11/21/2011 7:46 PM 26060] <br/>R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [11/21/2011 7:28 PM 2732032] <br/>S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [8/30/2008 12:31 PM 9809] <br/>S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176] <br/>S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176] <br/>. <br/> ‘计划任务’ 文件夹 里的内容 <br/>. <br/>2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24] <br/>. <br/>2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24] <br/>. <br/>2011-11-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job <br/>- c:\program files\Ask.com\UpdateTask.exe [2011-11-20 18:18] <br/>. <br/>2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{494232BA-F10B-4C2D-910D-DD06DB7D7733}.job <br/>- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31] <br/>. <br/>. <br/>------- 而外的扫描 ------- <br/>. <br/>uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp <br/>uInternet Connection Wizard,ShellNext = hxxp://www.firebirdsql.org//afterinstall <br/>uSearchAssistant = hxxp://www.google.com/ie <br/>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html <br/>LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll <br/>TCP: DhcpNameServer = 124.106.5.2 124.106.6.2 <br/>FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\obpr90mx.default\ <br/>FF - prefs.js: browser.search.defaulturl - <br/>FF - prefs.js: browser.search.selectedEngine - Google <br/>FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com <br/>FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= <br/>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} <br/>FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>FF - Ext: Avira SearchFree Toolbar plus Web Protection: [url=toolbar@ask.com]toolbar@ask.com[/url] - %profile%\extensions\toolbar@ask.com <br/>FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} <br/>. <br/>. <br/>************************************************************************** <br/>. <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2011-11-25 11:11 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/>. <br/>扫描被隐藏的进程 。。。 <br/>. <br/>扫描被隐藏的启动组 。。。 <br/>. <br/>扫描被隐藏的文件 。。。 <br/>. <br/>扫描完成 <br/>被隐藏的档案: 0 <br/>. <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] <br/>@Denied: (2) (Administrator) <br/>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,6b,12,05,0e,63,54,48,be,53,c8,\ <br/>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,6b,12,05,0e,63,54,48,be,53,c8,\ <br/>. <br/>--------------------- 运行进程下的动态链接库 --------------------- <br/>. <br/>- - - - - - - > 'lsass.exe'(772) <br/>c:\program files\Avira\AntiVir Desktop\avsda.dll <br/>. <br/>- - - - - - - > 'explorer.exe'(1016) <br/>c:\windows\system32\ieframe.dll <br/>c:\windows\system32\webcheck.dll <br/>c:\windows\system32\OneX.DLL <br/>c:\windows\system32\eappprxy.dll <br/>. <br/>完成时间: 2011-11-25 11:11:52 <br/>ComboFix-quarantined-files.txt 2011-11-25 03:11 <br/>ComboFix2.txt 2011-11-25 02:22 <br/>ComboFix3.txt 2011-11-23 03:01 <br/>ComboFix4.txt 2011-11-23 01:59 <br/>ComboFix5.txt 2011-11-25 03:09 <br/>. <br/>Pre-Run: 125,197,451,264 bytes free <br/>Post-Run: 125,183,225,856 bytes free <br/>. <br/>- - End Of File - - 10D2F0A6B2790DFDB3A3D1A692E0C823
Posted 11/25/2011 3:21 AM
#92865
User avatar

Advanced member

First of all, run the combofix.exe. <br/> <br/>Immediately afterwards, turn off "Enable write caching on the disk", by following these steps: <br/> <br/> Click Start, and then click My Computer. <br/> Right-click the hard disk, and then click Properties. <br/> Click the Hardware tab. <br/> Click to select the hard disk, and then click Properties. <br/> Click the Policies tab. <br/> Click to clear the Enable write caching on the disk check box, and then click OK. <br/> Click OK to close the Local Disk (C:) Properties dialog box. <br/> Repeat steps 3 through 5 for each hard disk that is installed in your computer. <br/> <br/>Then, go to Start > Run > type cmd.exe and press Enter. In the Command prompt window, type sfc /scannow and press Enter. Allow Windows to repair itself. <br/>Note that you may need to insert your Windows CD/Repair disck or select your recovery partition, if prompted by the System File Scan. <br/> <br/>Please post your new Combofix log.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/25/2011 3:54 AM
#92868
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
mam here is the log of malwarebytes: <br/> <br/>Malwarebytes' Anti-Malware 1.51.2.1300 <br/>www.malwarebytes.org <br/> <br/>Database version: 8235 <br/> <br/>Windows 5.1.2600 Service Pack 3 (Safe Mode) <br/>Internet Explorer 8.0.6001.18702 <br/> <br/>11/25/2011 11:48:14 AM <br/>mbam-log-2011-11-25 (11-48-14).txt <br/> <br/>Scan type: Full scan (C:\|D:\|F:\|) <br/>Objects scanned: 229369 <br/>Time elapsed: 11 minute(s), 45 second(s) <br/> <br/>Memory Processes Infected: 0 <br/>Memory Modules Infected: 0 <br/>Registry Keys Infected: 0 <br/>Registry Values Infected: 0 <br/>Registry Data Items Infected: 0 <br/>Folders Infected: 0 <br/>Files Infected: 2 <br/> <br/>Memory Processes Infected: <br/>(No malicious items detected) <br/> <br/>Memory Modules Infected: <br/>(No malicious items detected) <br/> <br/>Registry Keys Infected: <br/>(No malicious items detected) <br/> <br/>Registry Values Infected: <br/>(No malicious items detected) <br/> <br/>Registry Data Items Infected: <br/>(No malicious items detected) <br/> <br/>Folders Infected: <br/>(No malicious items detected) <br/> <br/>Files Infected: <br/>c:\Qoobox\quarantine\C\documents and settings\all users\application data\iglkdek1ecxwgu.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully. <br/>c:\Qoobox\quarantine\C\documents and settings\all users\application data\wftchmssoh.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully. <br/> <br/> <br/><br /><br />
Posted 11/25/2011 4:03 AM
#92869
User avatar

Advanced member

The c:\Qoobox folder is the quarantine of Combofix, so basically the infections have already been quarantined. Just start the computer in Safe Mode and delete the entire folder. <br/> <br/>Also, follow the steps I have given you above one more time, afterwards.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/25/2011 11:45 AM
#92873
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
mam andrea <br/> <br/>I did not run yet the combofix.exe and your suggestion because I dont have a windows cd. I'm afraid I cant install my windows. where can I find windows installer <br/> <br/>Please help me <br/> <br/>thank you very much
Posted 11/25/2011 2:30 PM
#92875
User avatar

Advanced member

I did not tell you to install your windows, please read my instructions again. If you do not have your CD, then simply click on the cancel button if you are asked for it. The scan will continue but it will skip those files.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/26/2011 1:48 AM
#92876
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
mam andrea, <br/> <br/>here is my combo fix log today: <br/>ComboFix 11-11-25.02 - Administrator 6/2011 Sat 8:53.9.2 - x86 <br/>Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1545 [GMT 8:00] <br/>执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe <br/>AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((((( 被删除的档案 ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>c:\windows\CSC\d6 <br/>. <br/>. <br/>((((((((((((((((((((((((( 2011-10-26 至 2011-11-26 的新的档案 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2011-11-24 09:18 . 2011-11-25 08:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype <br/>2011-11-24 09:18 . 2011-11-24 09:18 -------- d-----r- c:\program files\Skype <br/>2011-11-24 09:18 . 2011-11-24 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype <br/>2011-11-23 06:23 . 2011-11-23 06:23 -------- d-----w- c:\documents and settings\Administrator\ChikkaV5 <br/>2011-11-23 06:10 . 2011-11-23 06:13 -------- d-----w- C:\UniScan <br/>2011-11-23 06:10 . 2008-04-13 16:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys <br/>2011-11-23 06:10 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys <br/>2011-11-23 06:07 . 2011-11-23 06:07 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS <br/>2011-11-23 06:07 . 2011-11-23 06:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web 上载文件夹 <br/>2011-11-23 06:06 . 2011-11-23 06:06 -------- d-----w- c:\program files\Common Files\Hewlett-Packard <br/>2011-11-23 06:06 . 2011-11-23 06:07 -------- d-----w- c:\program files\Hewlett-Packard <br/>2011-11-22 06:29 . 2011-11-22 06:29 -------- d-----w- c:\program files\calicomtech <br/>2011-11-22 06:28 . 2011-11-22 06:28 -------- d-----w- c:\windows\Downloaded Installations <br/>2011-11-22 06:27 . 2011-11-22 07:41 9216 ----a-w- c:\windows\system32\IOCTLVDD.DLL <br/>2011-11-22 05:24 . 2011-11-22 05:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel <br/>2011-11-22 05:10 . 2011-11-22 05:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira <br/>2011-11-22 05:10 . 2011-09-18 00:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys <br/>2011-11-22 05:10 . 2011-09-15 15:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys <br/>2011-11-22 05:10 . 2011-11-22 05:10 -------- d-----w- c:\program files\Avira <br/>2011-11-22 05:09 . 2011-11-22 05:09 -------- d-----w- c:\windows\system32\LogFiles <br/>2011-11-22 04:52 . 2011-11-22 04:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes <br/>2011-11-22 04:52 . 2011-11-22 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes <br/>2011-11-22 04:52 . 2011-11-25 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2011-11-22 04:52 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2011-11-22 04:44 . 2011-11-22 04:44 -------- d-----w- c:\program files\InstallShield Installation Information <br/>2011-11-22 04:44 . 2011-11-22 04:44 -------- d-----w- c:\program files\Common Files\Corel <br/>2011-11-22 04:43 . 2011-11-22 04:43 -------- d-----w- c:\program files\Corel <br/>2011-11-22 04:42 . 2011-11-22 04:44 -------- d-----w- c:\program files\Common Files\InstallShield <br/>2011-11-22 04:34 . 2011-11-26 00:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Digsby <br/>2011-11-22 04:34 . 2011-11-22 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby <br/>2011-11-22 04:34 . 2011-11-22 10:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Digsby <br/>2011-11-22 04:32 . 2011-11-22 04:32 -------- d-----w- c:\program files\Digsby <br/>2011-11-22 04:18 . 2011-09-15 15:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys <br/>2011-11-22 03:29 . 2011-11-22 03:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp <br/>2011-11-22 02:42 . 2011-11-22 02:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache <br/>2011-11-22 02:41 . 2011-11-22 02:41 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE <br/>2011-11-22 02:40 . 2011-11-22 02:40 -------- d-----w- c:\documents and settings\NetworkService\IETldCache <br/>2011-11-22 02:39 . 2011-11-22 02:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache <br/>2011-11-22 02:37 . 2009-01-07 10:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe <br/>2011-11-22 02:36 . 2011-11-22 02:37 -------- dc----w- c:\windows\ie8 <br/>2011-11-22 02:36 . 2011-11-22 02:36 -------- d-----w- c:\windows\system32\x64 <br/>2011-11-22 02:36 . 2008-07-01 02:47 920088 ----a-w- c:\windows\system32\igxpun.exe <br/>2011-11-22 02:36 . 2011-11-22 02:36 -------- dc----w- c:\windows\system32\DRVSTORE <br/>2011-11-22 02:36 . 2006-11-10 01:25 319456 ----a-w- c:\windows\system32\difxapi.dll <br/>2011-11-22 02:36 . 2011-11-22 02:37 -------- d-----w- c:\windows\msdownld.tmp <br/>2011-11-22 02:35 . 2001-12-28 19:55 24035 ----a-r- c:\windows\system32\drivers\eaps2kbd.sys <br/>2011-11-22 02:35 . 2001-09-05 03:25 40960 ----a-r- c:\windows\LoadDll.dll <br/>2011-11-22 02:35 . 2000-03-13 20:16 18841 ----a-r- c:\windows\system32\FltrCoi.dll <br/>2011-11-22 02:35 . 1999-10-29 20:35 24348 ----a-r- c:\windows\system32\drivers\EAWDMFD.SYS <br/>2011-11-22 02:35 . 2011-11-22 02:35 -------- d-----w- c:\windows\system32\RTCOM <br/>2011-11-22 02:35 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys <br/>2011-11-22 02:35 . 2008-07-01 03:27 108800 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys <br/>2011-11-22 02:35 . 2008-07-21 16:14 9728 ----a-w- c:\windows\system32\RtNicProp32.dll <br/>2011-11-22 02:30 . 2011-11-22 02:30 -------- d-----w- c:\documents and settings\Administrator\UserData <br/>2011-11-22 02:29 . 2011-11-22 02:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google <br/>2011-11-22 02:24 . 2011-11-22 03:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google <br/>2011-11-22 02:24 . 2011-11-22 02:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google <br/>2011-11-22 02:24 . 2011-11-22 02:24 -------- d-----w- c:\program files\Google <br/>2011-11-22 02:02 . 2011-11-22 02:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc <br/>2011-11-22 02:01 . 2011-11-22 02:01 -------- d-----w- c:\program files\Easy Media Player <br/>2011-11-22 01:52 . 2011-11-22 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM <br/>2011-11-22 01:52 . 2011-11-22 01:52 -------- d-----w- c:\program files\SweetIM <br/>2011-11-22 00:49 . 2011-11-22 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AskToolbar <br/>2011-11-22 00:29 . 2011-11-22 00:29 -------- d-----w- C:\logs <br/>2011-11-22 00:29 . 2011-11-23 06:23 -------- d-----w- c:\program files\Chikka Messenger <br/>2011-11-22 00:28 . 2011-11-22 00:28 -------- d-----w- c:\program files\IPMsg <br/>2011-11-21 23:43 . 2011-11-25 11:00 -------- d-----w- c:\windows\system32\NtmsData <br/>2011-11-21 23:43 . 2011-11-21 23:43 -------- d---a-w- c:\windows\Repair <br/>2011-11-21 13:04 . 2011-11-24 03:04 -------- d-----w- c:\program files\Ask.com <br/>2011-11-21 13:04 . 2011-11-26 00:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar <br/>2011-11-21 13:03 . 2011-11-22 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira <br/>2011-11-21 11:54 . 2011-11-23 01:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe <br/>2011-11-21 11:46 . 2011-11-22 07:41 4032 ----a-w- c:\windows\system32\drivers\hostnt.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 29056 ----a-w- c:\windows\system32\drivers\gsmhwdm.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 27696 ----a-w- c:\windows\system32\drivers\mhdrv.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 26060 ----a-w- c:\windows\system32\drivers\rcmhdog.sys <br/>2011-11-21 11:46 . 2011-11-22 07:41 25904 ----a-w- c:\windows\system32\drivers\rcusbwdm.sys <br/>2011-11-21 11:42 . 2011-11-21 11:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl <br/>2011-11-21 11:42 . 2011-11-21 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee <br/>2011-11-21 11:39 . 2011-11-21 11:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla <br/>2011-11-21 11:33 . 2011-11-21 11:40 -------- d-----w- C:\account <br/>2011-11-21 11:32 . 2011-11-21 11:32 -------- d-----w- c:\program files\Common Files\Adobe <br/>2011-11-21 11:28 . 2009-02-27 16:23 450560 ----a-w- c:\windows\system32\GDS32.DLL <br/>2011-11-21 11:28 . 2009-02-27 07:34 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl <br/>2011-11-21 11:28 . 2011-11-21 11:28 -------- d-----w- c:\program files\Firebird <br/>2011-11-21 11:26 . 2011-11-21 11:26 69632 ----a-w- c:\windows\system32\MY3L_EX.DLL <br/>2011-11-21 11:26 . 2011-11-21 11:26 53248 ----a-w- c:\windows\system32\NT_DLL2.DLL <br/>2011-11-21 11:26 . 2011-11-21 11:26 135168 ----a-w- c:\windows\system32\YutianEx.DLL <br/>2011-11-21 11:26 . 2005-09-05 14:33 413696 ----a-w- c:\windows\system32\SetUp_Pro.dll <br/>2011-11-21 11:14 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll <br/>2011-11-21 11:14 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll <br/>2011-11-21 11:14 . 2011-11-21 11:14 -------- d-----w- c:\program files\Microsoft Works <br/>2011-11-21 11:14 . 2011-11-21 11:14 -------- d-----w- c:\program files\MSBuild <br/>2011-11-21 11:12 . 2011-11-21 11:14 -------- d-----w- c:\windows\SHELLNEW <br/>2011-11-21 11:12 . 2011-11-21 11:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help <br/>2011-11-21 11:12 . 2011-11-21 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help <br/>2011-11-21 11:12 . 2011-11-21 11:12 -------- d-----r- C:\MSOCache <br/>2011-11-21 11:11 . 2008-04-13 16:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys <br/>2011-11-21 10:39 . 2011-11-21 10:39 -------- d-----w- c:\documents and settings\Administrator\Bluebirds <br/>2011-11-21 10:39 . 2011-11-21 10:39 -------- d-----w- c:\windows\system32\Lang <br/>2011-11-21 10:38 . 2011-11-21 10:38 -------- d-----w- c:\windows\system32\oobe <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>. <br/>((((((((((((((((((((((((((((( SnapShot_2011-11-23_01.49.28 ))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>+ 2011-11-23 06:07 . 2011-11-23 06:10 45056 c:\windows\Installer\{6F7ECD56-E224-4263-9B7E-158E5CECC43B}\_486AD40031E5_4A05_BAE5_67FC693FE0EF.exe <br/>+ 2011-11-23 06:07 . 2011-11-23 06:07 4150 c:\windows\Installer\{B376402D-58EA-45EA-BD50-DD924EB67A70}\hpmd.exe <br/>+ 2003-04-16 11:31 . 2003-04-16 11:31 258048 c:\windows\system32\hpsjvset.dll <br/>+ 2003-04-15 16:31 . 2003-04-15 16:31 274432 c:\windows\system32\hpgwiamd.dll <br/>+ 2003-04-15 16:33 . 2003-04-15 16:33 401408 c:\windows\system32\hpgt2436.dll <br/>+ 2011-11-24 09:18 . 2011-11-24 09:18 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe <br/>- 2011-11-21 13:04 . 2011-11-21 13:04 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe <br/>+ 2011-11-21 13:04 . 2011-11-24 03:04 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe <br/>+ 2011-11-24 03:04 . 2011-11-24 03:04 2144768 c:\windows\Installer\9d962b.msi <br/>+ 2011-11-24 09:18 . 2011-11-24 09:18 1252864 c:\windows\Installer\1f48519.msi <br/>+ 2011-11-24 09:18 . 2011-11-24 09:18 1527808 c:\windows\Installer\1f48513.msi <br/>+ 2011-11-23 06:07 . 2011-11-23 06:07 4006400 c:\windows\Installer\111b3ea.msi <br/>+ 2011-11-23 06:07 . 2011-11-23 06:07 2932224 c:\windows\Installer\111b3e3.msi <br/>. <br/>((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*注意* 空白与合法缺省登录将不会被显示 <br/>REGEDIT4 <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] <br/>2011-11-20 18:18 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] <br/>2011-08-24 10:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-20 1515688] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] <br/>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-20 1515688] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] <br/>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"bluebirds"="c:\documents and settings\Administrator\Bluebirds\BlueBirds.exe" [2009-04-29 270336] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-22 39408] <br/>"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] <br/>"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] <br/>"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848] <br/>"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672] <br/>"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488] <br/>"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] <br/>"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512] <br/>"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] <br/>. <br/>c:\documents and settings\Administrator\Start Menu\Programs\Startup\ <br/>Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] <br/>IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-11-22 210432] <br/>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center] <br/>"AntiVirusOverride"=dword:00000001 <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= <br/>"c:\\Program Files\\IPMsg\\ipmsg.exe"= <br/>"c:\\Program Files\\Skype\\Phone\\Skype.exe"= <br/>. <br/>R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [8/30/2008 12:31 PM 27648] <br/>R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [8/30/2008 12:31 PM 7680] <br/>R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [8/30/2008 12:32 PM 27648] <br/>R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [8/30/2008 12:32 PM 33408] <br/>R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/30/2008 12:31 PM 45056] <br/>R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/22/2011 12:18 PM 36000] <br/>R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/22/2011 1:10 PM 86224] <br/>R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/22/2011 1:10 PM 463824] <br/>R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [11/21/2011 7:28 PM 81920] <br/>R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [11/21/2011 7:46 PM 4032] <br/>R2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [11/21/2011 7:46 PM 27696] <br/>R2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [11/21/2011 7:46 PM 26060] <br/>R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [11/21/2011 7:28 PM 2732032] <br/>S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [8/30/2008 12:31 PM 9809] <br/>S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176] <br/>S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176] <br/>S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] <br/>. <br/> ‘计划任务’ 文件夹 里的内容 <br/>. <br/>2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24] <br/>. <br/>2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24] <br/>. <br/>2011-11-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job <br/>- c:\program files\Ask.com\UpdateTask.exe [2011-11-20 18:18] <br/>. <br/>2011-11-26 c:\windows\Tasks\User_Feed_Synchronization-{494232BA-F10B-4C2D-910D-DD06DB7D7733}.job <br/>- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31] <br/>. <br/>. <br/>------- 而外的扫描 ------- <br/>. <br/>uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp <br/>uInternet Connection Wizard,ShellNext = hxxp://www.firebirdsql.org//afterinstall <br/>uSearchAssistant = hxxp://www.google.com/ie <br/>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html <br/>LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll <br/>TCP: DhcpNameServer = 124.106.5.2 124.106.6.2 <br/>FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\obpr90mx.default\ <br/>FF - prefs.js: browser.search.defaulturl - <br/>FF - prefs.js: browser.search.selectedEngine - Google <br/>FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com <br/>FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= <br/>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} <br/>FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com <br/>FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} <br/>. <br/>. <br/>************************************************************************** <br/>. <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2011-11-26 09:21 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/>. <br/>扫描被隐藏的进程 。。。 <br/>. <br/>扫描被隐藏的启动组 。。。 <br/>. <br/>扫描被隐藏的文件 。。。 <br/>. <br/>扫描完成 <br/>被隐藏的档案: 0 <br/>. <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] <br/>@Denied: (2) (Administrator) <br/>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,6b,12,05,0e,63,54,48,be,53,c8,\ <br/>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,6b,12,05,0e,63,54,48,be,53,c8,\ <br/>. <br/>--------------------- 运行进程下的动态链接库 --------------------- <br/>. <br/>- - - - - - - > 'lsass.exe'(784) <br/>c:\program files\Avira\AntiVir Desktop\avsda.dll <br/>. <br/>- - - - - - - > 'explorer.exe'(504) <br/>c:\program files\Avira\AntiVir Desktop\avsda.dll <br/>c:\progra~1\MICROS~2\Office12\GRA8E1~1.DLL <br/>c:\windows\system32\ieframe.dll <br/>c:\windows\system32\webcheck.dll <br/>c:\windows\system32\OneX.DLL <br/>c:\windows\system32\eappprxy.dll <br/>. <br/>完成时间: 2011-11-26 09:36:34 <br/>ComboFix-quarantined-files.txt 2011-11-26 01:36 <br/>ComboFix2.txt 2011-11-25 03:11 <br/>ComboFix3.txt 2011-11-25 02:22 <br/>ComboFix4.txt 2011-11-23 03:01 <br/>ComboFix5.txt 2011-11-25 11:16 <br/>. <br/>Pre-Run: 125,210,734,592 bytes free <br/>Post-Run: 125,200,375,808 bytes free <br/>. <br/>- - End Of File - - F8236B709CC305C98AC3482D9DCD0731
Posted 11/26/2011 2:04 AM
#92877
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
mam I followed your instruction but I'ts asking windows xp professional service pack 3 cd. <br/>so I cancelled it
Posted 11/26/2011 2:43 AM
#92878
User avatar

Advanced member

What about the turning off of "Enable write caching on the disk". Did you disable this?
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/26/2011 2:46 AM
#92879
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
yes mam andrea, I turn off "Enable write caching on the disk" <br/> <br/>I run hijack this here is the log: <br/>Logfile of Trend Micro HijackThis v2.0.4 <br/>Scan saved at 10:43:05 AM, on 11/26/2011 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v8.00 (8.00.6001.18702) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Avira\AntiVir Desktop\sched.exe <br/>C:\WINDOWS\RTHDCPL.EXE <br/>C:\WINDOWS\system32\igfxpers.exe <br/>C:\WINDOWS\system32\igfxsrvc.exe <br/>C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe <br/>C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe <br/>C:\Program Files\Ask.com\Updater\Updater.exe <br/>C:\Program Files\SweetIM\Messenger\SweetIM.exe <br/>C:\Program Files\Avira\AntiVir Desktop\avgnt.exe <br/>C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <br/>C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe <br/>C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <br/>C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe <br/>C:\Program Files\Skype\Phone\Skype.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\IPMsg\ipmsg.exe <br/>C:\Program Files\Avira\AntiVir Desktop\avguard.exe <br/>C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Avira\AntiVir Desktop\avshadow.exe <br/>C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE <br/>C:\WINDOWS\system32\wscntfy.exe <br/>C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\wuauclt.exe <br/>C:\Program Files\Internet Explorer\IEXPLORE.EXE <br/>C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe <br/> <br/>R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll <br/>O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll <br/>O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/>O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll <br/>O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/>O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <br/>O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 <br/>O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName <br/>O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE <br/>O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe <br/>O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" <br/>O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe <br/>O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min <br/>O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <br/>O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe <br/>O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" <br/>O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe <br/>O4 - Startup: IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe <br/>O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html <br/>O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll <br/>O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll <br/>O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O15 - ESC Trusted Zone: http://*.update.microsoft.com <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll <br/>O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll <br/>O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe <br/>O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe <br/>O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE <br/>O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe <br/>O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe <br/>O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) <br/> <br/>-- <br/>End of file - 8185 bytes
Posted 11/26/2011 3:31 AM
#92880
User avatar

Advanced member

Run Hijackthis and place a checkmark by these entries: <br/> <br/>C:\Program Files\Ask.com\Updater\Updater.exe <br/>C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe <br/>R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll <br/>O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll <br/> <br/>O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/>O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll <br/>O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/>O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" <br/>O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe <br/>O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html <br/> <br/>Press the fix button at the end and reboot the computer. <br/>Also, make sure your antivirus is updated and run a new scan with it. <br/> <br/>Then, delete the following folders: <br/> <br/>C:\Program Files\Ask.com\ <br/>C:\Program Files\SweetIM\ <br/>C:\Documents and Settings\Administrator\Bluebirds <br/>c:\documents and settings\All Users\Application Data\SweetIM <br/>c:\documents and settings\Administrator\Application Data\AskToolbar <br/>c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar <br/>c:\documents and settings\Administrator\Local Settings\Application Data\Temp
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/26/2011 5:11 AM
#92881
User avatar

shannemark Advanced member

Date Joined Nov 2016
Total Posts: 32
I follow your instructions. <br/> <br/>I run the hijack and fix those files you gave then I run avira 2012. there is 4 hidden object found. it ask me to restart my computer. <br/> <br/>there is a desktop note pad pop out: <br/> <br/>[.ShellClassInfo] <br/>[url=LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787]LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787[/url]
Posted 11/26/2011 7:17 PM
#92887
User avatar

Advanced member

The problem you are dealing with now is fixable. <br/> <br/>See Microsoft: http://support.microsoft.com/kb/330132
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, December 8, 2016, 1:03 PM (GMT +1)
There are a total of 61,163 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 3 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Crawlerz.
There are currently no users on-line.