Unknown Virus

Posted 5/20/2008 10:45 PM
#62275

Atryom Member

Date Joined Nov 2016
Total Posts: 8
Explorer.exe will randomly shut down; Firefox, Internet Explorer, and other random programs will not load. I cannot access my system settings; apparently I don't have the right permissions on my computer. (This is my home computer.)

I've run the BullGuard antivirus software, ComboFix, and HijackThis.

When I ran the BullGuard software, it found and fixed over 4,500 problems.

ComboFix tells me that it cannot find c:\windows\rededit.exe and cannot continue.

When running HijackThis, it will randomly freeze, then a window will pop up and tell me that HijackThis has encountered an error and must be closed.
Posted 5/21/2008 2:52 AM
#62276

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:




Let's see if you can use this scanner ->



Download Deckard's System Scanner https://www.techsupportforum.com/sectools/Deckard/dss.exe
to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):


"%userprofile%\desktop\dss.exe" /config



When the DSS Configuration display opens click the "Check All" button. Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives



Don't make any other changes at this time. Then click the "Scan!" button to start the scan.



Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt).



(The log can also be found in the C:\Deckard\System Scanner folder)

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 5/21/2008 5:47 AM
#62280

Atryom Member

Date Joined Nov 2016
Total Posts: 8
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-21 01:38:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-21 01:39:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: {4f2bb9a4-6d41-383a-6b14-00da80f0ed37} - {73de0f08-ad00-41b6-a383-14d64a9bb2f4} - C:\WINDOWS\system32\jsmoouho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\vtUnlJaX.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EA9D7EB3-3410-4EE7-BDEC-23B4FA8F4A19} - C:\WINDOWS\system32\ljJCTmlI.dll
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Instapp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtUnlJaX - C:\WINDOWS\system32\vtUnlJaX.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\system32\alg.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 5531 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - DefaultIcon - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 BgLiveSvc (BullGuard LiveUpdate) - "c:\program files\bullguard ltd\bullguard\bullguardupdate.exe"
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"
S3 BGRaSvc - "c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe"
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 18:20:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-21 01:38:36 118272 --a------ C:\WINDOWS\system32\jsmoouho.dll
2008-05-21 01:35:33 109056 --a------ C:\WINDOWS\system32\hmeeiyqj.dll
2008-05-20 18:56:52 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-20 18:49:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 18:49:45 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-20 18:31:36 388608 --a------ C:\WINDOWS\system32\CF15601.exe
2008-05-20 15:19:03 0 d-------- C:\Program Files\SpywareBlaster
2008-05-20 15:16:01 388608 --a------ C:\WINDOWS\system32\CF10051.exe
2008-05-20 15:14:51 388608 --a------ C:\WINDOWS\system32\CF9826.exe
2008-05-20 15:14:38 0 d-------- C:\327882R2FWJFW
2008-05-20 01:49:35 0 d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-05-20 01:49:33 0 d-------- C:\Documents and Settings\Owner\Application Data\BullGuard
2008-05-20 01:47:05 0 d-------- C:\Program Files\BullGuard Ltd
2008-05-20 00:45:25 2560 --a------ C:\WINDOWS\system32\baynceau.exe
2008-05-20 00:42:25 94208 --a------ C:\WINDOWS\system32\hqqdjgvr.dll
2008-05-20 00:36:25 117760 --a------ C:\WINDOWS\system32\empreokv.dll
2008-05-20 00:33:25 109056 --a------ C:\WINDOWS\system32\unlpjajq.dll
2008-05-18 15:47:23 0 d-------- C:\Program Files\Trend Micro
2008-05-18 11:22:45 95232 --a------ C:\WINDOWS\system32\fxvqskec.dll
2008-05-18 11:19:47 2048 --a------ C:\WINDOWS\system32\dysbribn.exe
2008-05-18 11:13:52 118784 --a------ C:\WINDOWS\system32\idshsqdp.dll
2008-05-18 11:13:45 109568 --a------ C:\WINDOWS\system32\kcrshwnl.dll
2008-05-17 23:13:47 0 d-------- C:\Program Files\Spcron
2008-05-17 23:09:48 894916 --ahs---- C:\WINDOWS\system32\IlmTCJjl.ini2
2008-05-17 23:09:45 374784 --a------ C:\WINDOWS\system32\ljJCTmlI.dll
2008-05-17 23:08:40 0 d-------- C:\Program Files\Svconr
2008-05-17 23:04:47 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-17 23:04:42 28672 --a------ C:\WINDOWS\system32\vtUnlJaX.dll
2008-05-17 23:04:36 40960 --a------ C:\Documents and Settings\Owner\services.exe
2008-05-16 02:03:57 0 d-------- C:\Program Files\winvi
2008-05-16 02:03:48 0 d-------- C:\Temp
2008-05-16 02:03:43 28672 --a------ C:\WINDOWS\system32\ddcCsTNF.dll
2008-05-16 02:03:02 39936 --a------ C:\WINDOWS\17PHolmes1001186(2).exe
2008-05-16 01:25:59 0 d-------- C:\Memorex Vault
2008-05-12 09:43:38 68096 --a------ C:\WINDOWS\b155.exe
2008-05-12 06:19:42 73728 --a------ C:\WINDOWS\b156.exe
2008-04-30 01:50:52 0 d-------- C:\Documents and Settings\Owner\WINDOWS
2008-04-30 01:46:45 0 d-------- C:\Program Files\7-Zip
2008-04-30 01:40:37 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-30 01:28:14 48640 --a------ C:\WINDOWS\system32\rar.exe
2008-04-30 00:20:01 0 d-------- C:\Program Files\LimeWire
2008-04-29 12:41:57 0 d-------- C:\Program Files\CCleaner
2008-04-21 16:47:31 0 d-------- C:\Documents and Settings\Owner\dwhelper


-- Find3M Report ---------------------------------------------------------------

2008-05-21 01:36:11 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2008-05-21 01:36:10 32256 --a------ C:\WINDOWS\system32\wupdmgr.exe
2008-05-21 01:36:05 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2008-05-21 01:36:04 16896 --a------ C:\WINDOWS\system32\tftp.exe
2008-05-21 01:36:03 15360 --a------ C:\WINDOWS\system32\taskman.exe
2008-05-21 01:36:03 105984 --a------ C:\WINDOWS\system32\sysocmgr.exe
2008-05-21 01:35:57 25600 --a------ C:\WINDOWS\system32\routemon.exe
2008-05-21 01:35:56 3584 --a------ C:\WINDOWS\system32\regedt32.exe
2008-05-21 01:35:54 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2008-05-21 01:35:53 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2008-05-21 01:35:52 49152 --a------ C:\WINDOWS\system32\powercfg.exe
2008-05-21 01:35:51 17920 --a------ C:\WINDOWS\system32\ping.exe
2008-05-21 01:35:51 40448 --a------ C:\WINDOWS\system32\osuninst.exe
2008-05-21 01:35:48 124928 --a------ C:\WINDOWS\system32\net1.exe
2008-05-21 01:35:48 42496 --a------ C:\WINDOWS\system32\net.exe
2008-05-21 01:35:47 53760 --a------ C:\WINDOWS\system32\narrator.exe
2008-05-21 01:35:44 45568 --a------ C:\WINDOWS\system32\mshta.exe
2008-05-21 01:35:42 143360 --a------ C:\WINDOWS\system32\mobsync.exe
2008-05-21 01:35:42 72704 --a------ C:\WINDOWS\system32\magnify.exe
2008-05-21 01:35:39 29696 --a------ C:\WINDOWS\system32\lights.exe
2008-05-21 01:35:37 446464 --a------ C:\WINDOWS\system32\igfxcfg.exe
2008-05-21 01:35:35 20992 --a------ C:\WINDOWS\system32\fontview.exe
2008-05-21 01:35:32 1298432 --a------ C:\WINDOWS\system32\dxdiag.exe
2008-05-21 01:35:31 17920 --a------ C:\WINDOWS\system32\dvdupgrd.exe
2008-05-21 01:35:30 18432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2008-05-21 01:35:30 10752 --a------ C:\WINDOWS\system32\doskey.exe
2008-05-21 01:35:29 15872 --a------ C:\WINDOWS\system32\dmremote.exe
2008-05-21 01:35:28 82432 --a------ C:\WINDOWS\system32\dfrgfat.exe
2008-05-20 18:49:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 18:20:47 69120 --a------ C:\WINDOWS\system32\notepad.exe
2008-05-20 17:56:45 0 d-------- C:\Program Files\Windows NT
2008-05-20 17:56:43 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-20 17:56:42 0 d-------- C:\Program Files\Winamp
2008-05-20 17:56:41 0 d-------- C:\Program Files\Palm
2008-05-20 17:55:21 25600 --a------ C:\WINDOWS\twunk_32.exe
2008-05-20 17:55:21 30720 --a------ C:\WINDOWS\system32\xcopy.exe
2008-05-20 17:55:20 5632 --a------ C:\WINDOWS\system32\write.exe
2008-05-20 17:55:20 32256 --a------ C:\WINDOWS\system32\wpnpinst.exe
2008-05-20 17:55:20 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2008-05-20 17:55:20 32256 --a------ C:\WINDOWS\system32\wpabaln.exe
2008-05-20 17:55:19 11776 --a------ C:\WINDOWS\system32\winmsd.exe
2008-05-20 17:55:19 8192 --a------ C:\WINDOWS\system32\winhlp32.exe
2008-05-20 17:55:19 65536 --a------ C:\WINDOWS\system32\wextract.exe
2008-05-20 17:55:18 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2008-05-20 17:55:17 289792 --a------ C:\WINDOWS\system32\vssvc.exe
2008-05-20 17:55:17 98304 --a------ C:\WINDOWS\system32\verifier.exe
2008-05-20 17:55:17 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2008-05-20 17:55:17 50176 --a------ C:\WINDOWS\system32\utilman.exe
2008-05-20 17:55:16 18432 --a------ C:\WINDOWS\system32\ups.exe
2008-05-20 17:55:15 16896 --a------ C:\WINDOWS\system32\upnpcont.exe
2008-05-20 17:55:15 4096 --a------ C:\WINDOWS\system32\unlodctr.exe
2008-05-20 17:55:15 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2008-05-20 17:55:15 16384 --a------ C:\WINDOWS\system32\tskill.exe
2008-05-20 17:55:15 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2008-05-20 17:55:15 14848 --a------ C:\WINDOWS\system32\tscon.exe
2008-05-20 17:55:15 31744 --a------ C:\WINDOWS\system32\tracert6.exe
2008-05-20 17:55:14 12288 --a------ C:\WINDOWS\system32\tracert.exe
2008-05-20 17:55:14 75776 --a------ C:\WINDOWS\system32\telnet.exe
2008-05-20 17:55:14 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe
2008-05-20 17:55:14 12288 --a------ C:\WINDOWS\system32\tcmsetup.exe
2008-05-20 17:55:14 3072 --a------ C:\WINDOWS\system32\systray.exe
2008-05-20 17:55:13 51200 --a------ C:\WINDOWS\system32\syncapp.exe
2008-05-20 17:55:09 9216 --a------ C:\WINDOWS\system32\subst.exe
2008-05-20 17:55:09 14848 --a------ C:\WINDOWS\system32\stimon.exe
2008-05-20 17:55:09 679936 --a------ C:\WINDOWS\system32\sstext3d.scr
2008-05-20 17:55:08 14336 --a------ C:\WINDOWS\system32\ssstars.scr
2008-05-20 17:55:08 610304 --a------ C:\WINDOWS\system32\sspipes.scr
2008-05-20 17:55:08 18944 --a------ C:\WINDOWS\system32\ssmyst.scr
2008-05-20 17:55:08 47104 --a------ C:\WINDOWS\system32\ssmypics.scr
2008-05-20 17:55:08 20992 --a------ C:\WINDOWS\system32\ssmarque.scr
2008-05-20 17:55:08 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2008-05-20 17:55:07 19968 --a------ C:\WINDOWS\system32\ssbezier.scr
2008-05-20 17:55:03 11776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-05-20 17:55:03 56832 --a------ C:\WINDOWS\system32\sol.exe
2008-05-20 17:55:03 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2008-05-20 17:55:02 89600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2008-05-20 17:55:02 8192 --a------ C:\WINDOWS\system32\smbinst.exe
2008-05-20 17:55:02 26112 --a------ C:\WINDOWS\system32\skeys.exe
2008-05-20 17:55:02 70144 --a------ C:\WINDOWS\system32\sigverif.exe
2008-05-20 17:55:02 19456 --a------ C:\WINDOWS\system32\shutdown.exe
2008-05-20 17:55:02 77824 --a------ C:\WINDOWS\system32\shrpubw.exe
2008-05-20 17:55:02 42496 --a------ C:\WINDOWS\system32\shmgrate.exe
2008-05-20 17:55:02 14848 --a------ C:\WINDOWS\system32\shadow.exe
2008-05-20 17:55:01 9728 --a------ C:\WINDOWS\system32\sfc.exe
2008-05-20 17:55:01 23040 --a------ C:\WINDOWS\system32\setup.exe
2008-05-20 17:55:01 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2008-05-20 17:55:01 95744 --a------ C:\WINDOWS\system32\scardsvr.exe
2008-05-20 17:55:00 31232 --a------ C:\WINDOWS\system32\sc.exe
2008-05-20 17:55:00 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2008-05-20 17:55:00 77312 --a------ C:\WINDOWS\system32\rtcshare.exe
2008-05-20 17:55:00 132608 --a------ C:\WINDOWS\system32\rsvp.exe
2008-05-20 17:55:00 24576 --a------ C:\WINDOWS\system32\rsmsink.exe
2008-05-20 17:54:59 49152 --a------ C:\WINDOWS\system32\rsm.exe
2008-05-20 17:54:59 14848 --a------ C:\WINDOWS\system32\rsh.exe
2008-05-20 17:54:59 19968 --a------ C:\WINDOWS\system32\route.exe
2008-05-20 17:54:58 4608 --a------ C:\WINDOWS\system32\regwiz.exe
2008-05-20 17:54:58 33792 --a------ C:\WINDOWS\system32\regini.exe
2008-05-20 17:54:58 50176 --a------ C:\WINDOWS\system32\reg.exe
2008-05-20 17:54:58 7168 --a------ C:\WINDOWS\system32\recover.exe
2008-05-20 17:54:57 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2008-05-20 17:54:57 21504 --a------ C:\WINDOWS\system32\rcp.exe
2008-05-20 17:54:57 56832 --a------ C:\WINDOWS\system32\rasphone.exe
2008-05-20 17:54:57 11264 --a------ C:\WINDOWS\system32\rasdial.exe
2008-05-20 17:54:57 11776 --a------ C:\WINDOWS\system32\rasautou.exe
2008-05-20 17:54:57 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2008-05-20 17:54:56 9216 --a------ C:\WINDOWS\system32\proxycfg.exe
2008-05-20 17:54:56 50176 --a------ C:\WINDOWS\system32\proquota.exe
2008-05-20 17:54:56 109568 --a------ C:\WINDOWS\system32\progman.exe
2008-05-20 17:54:56 9216 --a------ C:\WINDOWS\system32\print.exe
2008-05-20 17:54:56 84480 --a------ C:\WINDOWS\system32\pintool.exe
2008-05-20 17:54:55 33280 --a------ C:\WINDOWS\system32\ping6.exe
2008-05-20 17:54:55 15872 --a------ C:\WINDOWS\system32\perfmon.exe
2008-05-20 17:54:55 15360 --a------ C:\WINDOWS\system32\pentnt.exe
2008-05-20 17:54:55 21504 --a------ C:\WINDOWS\system32\pathping.exe
2008-05-20 17:54:55 58368 --a------ C:\WINDOWS\system32\packager.exe
2008-05-20 17:54:54 215552 --a------ C:\WINDOWS\system32\osk.exe
2008-05-20 17:54:54 31744 --a------ C:\WINDOWS\system32\ntsd.exe
2008-05-20 17:54:53 76800 --a------ C:\WINDOWS\system32\nslookup.exe
2008-05-20 17:54:53 36864 --a------ C:\WINDOWS\system32\netstat.exe
2008-05-20 17:54:53 86016 --a------ C:\WINDOWS\system32\netsh.exe
2008-05-20 17:54:53 331776 --a------ C:\WINDOWS\system32\netsetup.exe
2008-05-20 17:54:53 111104 --a------ C:\WINDOWS\system32\netdde.exe
2008-05-20 17:54:52 4096 --a------ C:\WINDOWS\system32\nddeapir.exe
2008-05-20 17:54:52 20480 --a------ C:\WINDOWS\system32\nbtstat.exe
2008-05-20 17:54:51 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2008-05-20 17:54:51 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2008-05-20 17:54:51 6656 --a------ C:\WINDOWS\system32\msswchx.exe
2008-05-20 17:54:51 20992 --a------ C:\WINDOWS\system32\msg.exe
2008-05-20 17:54:50 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2008-05-20 17:54:50 22016 --a------ C:\WINDOWS\system32\mpnotify.exe
2008-05-20 17:54:50 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2008-05-20 17:54:50 8192 --a------ C:\WINDOWS\system32\mountvol.exe
2008-05-20 17:54:49 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2008-05-20 17:54:49 51712 --a------ C:\WINDOWS\system32\migpwd.exe
2008-05-20 17:54:48 85504 --a------ C:\WINDOWS\system32\makecab.exe
2008-05-20 17:54:48 8192 --a------ C:\WINDOWS\system32\lpr.exe
2008-05-20 17:54:48 6144 --a------ C:\WINDOWS\system32\lpq.exe
2008-05-20 17:54:48 15360 --a------ C:\WINDOWS\system32\logoff.exe
2008-05-20 17:54:48 100864 --a------ C:\WINDOWS\system32\logagent.exe
2008-05-20 17:54:47 5120 --a------ C:\WINDOWS\system32\lodctr.exe
2008-05-20 17:54:47 75264 --a------ C:\WINDOWS\system32\locator.exe
2008-05-20 17:54:47 25088 --a------ C:\WINDOWS\system32\lnkstub.exe
2008-05-20 17:54:47 9728 --a------ C:\WINDOWS\system32\label.exe
2008-05-20 17:54:46 23552 --a------ C:\WINDOWS\system32\ipxroute.exe
2008-05-20 17:54:46 44032 --a------ C:\WINDOWS\system32\ipsec6.exe
2008-05-20 17:54:46 55808 --a------ C:\WINDOWS\system32\ipconfig.exe
2008-05-20 17:54:45 114688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2008-05-20 17:54:45 94208 --a------ C:\WINDOWS\system32\igfxext.exe
2008-05-20 17:54:44 114688 --a------ C:\WINDOWS\system32\ialmudlg.exe
2008-05-20 17:54:44 7680 --a------ C:\WINDOWS\system32\hostname.exe
2008-05-20 17:54:44 14848 --a------ C:\WINDOWS\system32\help.exe
2008-05-20 17:54:43 39424 --a------ C:\WINDOWS\system32\grpconv.exe
2008-05-20 17:54:43 42496 --a------ C:\WINDOWS\system32\ftp.exe
2008-05-20 17:54:43 56320 --a------ C:\WINDOWS\system32\fsutil.exe
2008-05-20 17:54:43 55296 --a------ C:\WINDOWS\system32\freecell.exe
2008-05-20 17:54:43 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2008-05-20 17:54:42 3072 --a------ C:\WINDOWS\system32\fixmapi.exe
2008-05-20 17:54:42 158208 --a------ C:\WINDOWS\system32\findstr.exe
2008-05-20 17:54:42 9216 --a------ C:\WINDOWS\system32\find.exe
2008-05-20 17:54:42 14848 --a------ C:\WINDOWS\system32\fc.exe
2008-05-20 17:54:42 45568 --a------ C:\WINDOWS\system32\extrac32.exe
2008-05-20 17:54:42 8704 --a------ C:\WINDOWS\system32\eventvwr.exe
2008-05-20 17:54:42 193024 --a------ C:\WINDOWS\system32\eudcedit.exe
2008-05-20 17:54:42 39424 --a------ C:\WINDOWS\system32\esentutl.exe
2008-05-20 17:54:41 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2008-05-20 17:54:41 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2008-05-20 17:54:40 83456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2008-05-20 17:54:40 30208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2008-05-20 17:54:39 224768 --a------ C:\WINDOWS\system32\dmadmin.exe
2008-05-20 17:54:39 4608 --a------ C:\WINDOWS\system32\dllhst3g.exe
2008-05-20 17:53:47 17920 --a------ C:\WINDOWS\system32\diskperf.exe
2008-05-20 17:53:47 163840 --a------ C:\WINDOWS\system32\diskpart.exe
2008-05-20 17:53:47 85504 --a------ C:\WINDOWS\system32\diantz.exe
2008-05-20 17:53:47 30208 --a------ C:\WINDOWS\system32\ddeshare.exe
2008-05-20 17:53:46 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2008-05-20 17:53:46 13824 --a------ C:\WINDOWS\system32\convert.exe
2008-05-20 17:53:46 8192 --a------ C:\WINDOWS\system32\control.exe
2008-05-20 17:53:46 17408 --a------ C:\WINDOWS\system32\compact.exe
2008-05-20 17:53:45 15872 --a------ C:\WINDOWS\system32\comp.exe
2008-05-20 17:53:45 63488 --a------ C:\WINDOWS\system32\cmstp.exe
2008-05-20 17:53:45 39936 --a------ C:\WINDOWS\system32\cmmon32.exe
2008-05-20 17:53:45 47104 --a------ C:\WINDOWS\system32\cmdl32.exe
2008-05-20 17:53:45 33280 --a------ C:\WINDOWS\system32\clipsrv.exe
2008-05-20 17:53:45 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2008-05-20 17:53:45 64000 --a------ C:\WINDOWS\system32\cleanmgr.exe
2008-05-20 17:53:45 7680 --a------ C:\WINDOWS\system32\ckcnv.exe
2008-05-20 17:53:45 5632 --a------ C:\WINDOWS\system32\cisvc.exe
2008-05-20 17:53:45 8192 --a------ C:\WINDOWS\system32\cidaemon.exe
2008-05-20 17:53:44 11264 --a------ C:\WINDOWS\system32\chkntfs.exe
2008-05-20 17:53:44 11776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-05-20 17:53:44 80384 --a------ C:\WINDOWS\system32\charmap.exe
2008-05-20 17:53:44 18432 --a------ C:\WINDOWS\system32\cacls.exe
2008-05-20 17:53:44 5120 --a------ C:\WINDOWS\system32\bootvrfy.exe
2008-05-20 17:53:44 4608 --a------ C:\WINDOWS\system32\bootok.exe
2008-05-20 17:53:44 71680 --a------ C:\WINDOWS\system32\blastcln.exe
2008-05-20 17:53:44 14336 --a------ C:\WINDOWS\system32\auditusr.exe
2008-05-20 17:53:44 76800 --a------ C:\WINDOWS\system32\attrib.exe
2008-05-20 17:53:44 11264 --a------ C:\WINDOWS\system32\atmadm.exe
2008-05-20 17:53:44 25088 --a------ C:\WINDOWS\system32\at.exe
2008-05-20 17:53:43 189952 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2008-05-20 17:53:43 19456 --a------ C:\WINDOWS\system32\arp.exe
2008-05-20 17:53:43 142848 --a------ C:\WINDOWS\system32\alg.exe
2008-05-20 17:53:41 118784 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-05-20 17:53:40 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-20 17:53:40 49152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-05-20 17:53:40 45056 --a------ C:\WINDOWS\system32\CleanUp.exe
2008-05-20 17:53:35 10752 --a------ C:\WINDOWS\hh.exe
2008-05-20 17:36:32 57856 --a------ C:\WINDOWS\system32\spoolsv.exe
2008-05-20 17:35:47 1033216 --a------ C:\WINDOWS\explorer.exe
2008-05-20 17:35:42 13824 --a------ C:\WINDOWS\system32\wscntfy.exe
2008-05-20 15:30:06 12800 --a------ C:\WINDOWS\system32\mrinfo.exe
2008-05-20 15:28:42 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-20 04:23:48 37376 --a------ C:\WINDOWS\system32\defrag.exe
2008-05-20 02:57:51 135680 --a------ C:\WINDOWS\system32\taskmgr.exe
2008-05-20 02:57:47 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2008-05-20 02:57:40 35840 --a------ C:\WINDOWS\system32\rcimlby.exe
2008-05-20 02:57:32 78848 --a------ C:\WINDOWS\system32\msiexec.exe
2008-05-20 02:57:06 79360 --a------ C:\WINDOWS\system32\rdshost.exe
2008-05-20 02:56:49 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2008-05-20 02:56:47 347136 --a------ C:\WINDOWS\system32\tourstart.exe
2008-05-20 02:56:29 180224 --a------ C:\WINDOWS\system32\dwwin.exe
2008-05-20 02:56:28 10752 --a------ C:\WINDOWS\system32\dumprep.exe
2008-05-20 02:56:21 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe
2008-05-20 02:56:18 388608 --a------ C:\WINDOWS\system32\cmd.exe
2008-05-20 02:55:20 114688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-05-20 02:55:19 94208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-05-20 02:54:11 146432 --a------ C:\WINDOWS\system32\WudfHost.exe
2008-05-20 02:54:00 150016 --a------ C:\WINDOWS\system32\imapi.exe
2008-05-20 02:53:08 770048 --a------ C:\WINDOWS\system32\NTSpool.exe
2008-05-20 02:52:56 119808 --a------ C:\WINDOWS\system32\winmine.exe
2008-05-20 02:52:50 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2008-05-20 02:52:47 114688 --a------ C:\WINDOWS\system32\calc.exe
2008-05-20 02:52:31 28672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-05-20 02:52:04 24576 --a------ C:\WINDOWS\system32\userinit.exe
2008-05-20 02:51:48 514560 --a------ C:\WINDOWS\system32\logonui.exe
2008-05-20 02:51:19 419840 --a------ C:\WINDOWS\system32\ntvdm.exe
2008-05-20 02:44:18 220672 --a------ C:\WINDOWS\system32\logon.scr
2008-05-20 02:18:09 98304 --a------ C:\WINDOWS\system32\cscript.exe
2008-05-20 02:18:05 159744 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2008-05-20 02:00:11 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2008-05-18 16:28:05 0 d-------- C:\Program Files\DivX
2008-05-17 23:34:38 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 02:50:33 1626 --a------ C:\WINDOWS\mozver.dat
2008-05-16 02:44:26 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-08 11:15:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-25 02:11:38 0 d-------- C:\Program Files\VstPlugins
2008-04-25 02:06:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-15 02:13:57 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2008-04-10 21:15:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-10 21:14:54 0 d-------- C:\Program Files\Google
2008-04-08 21:39:48 0 d-------- C:\Program Files\Audacity
2008-03-28 16:13:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Arcsoft
2008-03-28 15:53:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 15:49:43 0 d-------- C:\Program Files\Documents To Go
2008-03-28 15:49:43 0 d-------- C:\Program Files\Common Files\DataViz
2008-03-28 15:46:56 0 d-------- C:\Documents and Settings\Owner\Application Data\HotSync
2008-03-27 00:24:42 0 d-------- C:\Program Files\CamStudio
2008-03-26 02:17:44 0 d-------- C:\Program Files\IrfanView


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- Hosts -----------------------------------------------------------------------

127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info


-- End of Deckard's System Scanner: finished at 2008-05-21 01:41:15 ------------
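An added triage example (editor's code, not part of this thread, of DSS or of HijackThis): a Python script that reads HijackThis-style lines and DSS file-listing lines such as those in the log above and flags the indicators a helper looks for in it: nameless or CLSID-named BHOs loading from system32, a Run entry that uses rundll32 to load a system32 DLL, an entry under Policies\Explorer\Run, a Winlogon Notify DLL outside an analyst's allow-list, a copy of services.exe outside system32, two system32 files whose names are mirror images of each other (ljJCTmlI.dll and IlmTCJjl.ini2 above), a burst of system32 executables rewritten within one minute (the Find3M section above), and hosts entries pinning non-local names to 127.0.0.1. The sample lines are copied from the log above; the allow-list, the burst threshold and the category names are assumptions.

```python
"""Flag the persistence indicators seen in the DSS log above from HijackThis-style
and DSS file-listing lines. Added example: not part of this thread, of DSS or of
HijackThis. The allow-list, burst threshold and category names are assumptions."""
import re
from collections import defaultdict

# Constructed sample input: a subset of the DSS output posted above.
SAMPLE_LOG = r"""
O2 - BHO: {4f2bb9a4-6d41-383a-6b14-00da80f0ed37} - {73de0f08-ad00-41b6-a383-14d64a9bb2f4} - C:\WINDOWS\system32\jsmoouho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\vtUnlJaX.dll
O2 - BHO: (no name) - {EA9D7EB3-3410-4EE7-BDEC-23B4FA8F4A19} - C:\WINDOWS\system32\ljJCTmlI.dll
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtUnlJaX - C:\WINDOWS\system32\vtUnlJaX.dll
2008-05-17 23:09:48 894916 --ahs---- C:\WINDOWS\system32\IlmTCJjl.ini2
2008-05-17 23:09:45 374784 --a------ C:\WINDOWS\system32\ljJCTmlI.dll
2008-05-17 23:04:36 40960 --a------ C:\Documents and Settings\Owner\services.exe
2008-05-20 17:55:14 12288 --a------ C:\WINDOWS\system32\tracert.exe
2008-05-20 17:55:14 75776 --a------ C:\WINDOWS\system32\telnet.exe
2008-05-20 17:55:14 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe
2008-05-20 17:55:14 12288 --a------ C:\WINDOWS\system32\tcmsetup.exe
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
"""

SYSTEM32 = "c:\\windows\\system32\\"
# Core binaries that belong only in system32; a copy elsewhere is a masquerade candidate.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Winlogon Notify DLLs the analyst has already vetted (assumed allow-list).
KNOWN_NOTIFY_DLLS = {"c:\\program files\\superantispyware\\saswinlo.dll"}
BURST_THRESHOLD = 4  # system32 .exe files rewritten within one minute (assumed cut-off)

FILE_RE = re.compile(r"^(?P<minute>\d{4}-\d\d-\d\d \d\d:\d\d):\d\d\s+\d+\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+\"?" + re.escape(SYSTEM32), re.I)


def triage(log_text):
    """Return (category, detail) findings for one HijackThis/DSS log text."""
    findings = []
    stems_by_dir = defaultdict(set)     # directory -> file stems, for mirror-name pairs
    exe_by_minute = defaultdict(list)   # "YYYY-MM-DD HH:MM" -> system32 .exe files touched
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("O2 - BHO:"):
            parts = line.rsplit(" - ", 2)               # "O2 - BHO: <name>", "{CLSID}", <path>
            if len(parts) == 3:
                name, path = parts[0][len("O2 - BHO: "):], parts[2]
                if (name == "(no name)" or name.startswith("{")) and path.lower().startswith(SYSTEM32):
                    findings.append(("bho", path))
        elif line.startswith("O4 - "):
            if "\\Policies\\Explorer\\Run" in line or RUNDLL_RE.search(line):
                findings.append(("run", line))
        elif line.startswith("O20 - Winlogon Notify:"):
            path = line.rsplit(" - ", 1)[-1]
            if path.lower() not in KNOWN_NOTIFY_DLLS:
                findings.append(("winlogon_notify", path))
        elif (m := FILE_RE.match(line)):
            path = m.group("path")
            directory, _, filename = path.rpartition("\\")
            if filename.lower() in CORE_BINARIES and not path.lower().startswith(SYSTEM32):
                findings.append(("masquerade", path))
            stems_by_dir[directory.lower()].add(filename.rsplit(".", 1)[0])
            if path.lower().startswith(SYSTEM32) and filename.lower().endswith(".exe"):
                exe_by_minute[m.group("minute")].append(filename)
        elif (m := HOSTS_RE.match(line)):
            if m.group("ip").startswith("127.") and m.group("host").lower() != "localhost":
                findings.append(("hosts", m.group("host")))
    # Two files in one directory whose stems are mirror images of each other
    # (ljJCTmlI.dll and IlmTCJjl.ini2 in the log above); each pair reported once.
    for directory, stems in stems_by_dir.items():
        for stem in sorted(stems):
            mirror = stem[::-1]
            if mirror != stem and mirror in stems and stem < mirror:
                findings.append(("mirror_name", f"{directory}\\{stem} <-> {mirror}"))
    # Many system32 executables rewritten inside the same minute (the Find3M section above).
    for minute, names in sorted(exe_by_minute.items()):
        if len(names) >= BURST_THRESHOLD:
            findings.append(("rewrite_burst", f"{minute}: {len(names)} system32 executables"))
    return findings


def count_by_category(findings):
    """Summarise findings as {category: count}."""
    counts = defaultdict(int)
    for category, _ in findings:
        counts[category] += 1
    return dict(counts)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run it as-is to print the findings for the sample, or pass the text of main.txt to triage(). The heuristics are deliberately simple and produce leads, not verdicts: an unknown Winlogon Notify DLL or a rundll32 Run entry still has to be looked at, and the time-stamp burst only says that something rewrote those executables within one minute (a scanner repairing files would look the same, and the log above shows BullGuard was installed that day), so such binaries should be compared against known-good copies rather than trusted on the strength of their names.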
Posted 5/21/2008 10:03 AM
#62284

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download:

https://swandog46.geekstogo.com/avenger2/avenger.zip





Right click on the Avenger.zip folder and select "Extract to Avenger..."



You will now have an Avenger folder on your desktop.



Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing Ctrl+C

Quote:

Comment:
Custom Avenger script for Bullguard user Atryom

Files to delete:
C:\WINDOWS\system32\jsmoouho.dll
C:\WINDOWS\system32\hmeeiyqj.dll
C:\WINDOWS\system32\baynceau.exe
C:\WINDOWS\system32\hqqdjgvr.dll
C:\WINDOWS\system32\empreokv.dll
C:\WINDOWS\system32\unlpjajq.dll
C:\WINDOWS\system32\fxvqskec.dll
C:\WINDOWS\system32\dysbribn.exe
C:\WINDOWS\system32\idshsqdp.dll
C:\WINDOWS\system32\kcrshwnl.dll
C:\WINDOWS\system32\IlmTCJjl.ini2
C:\WINDOWS\system32\ljJCTmlI.dll
C:\WINDOWS\system32\vtUnlJaX.dll
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system32\ddcCsTNF.dll
C:\WINDOWS\17PHolmes1001186(2).exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe

Drivers to unload:
Viewpoint Manager Service

Folders to delete:
C:\Program Files\LimeWire
C:\Documents and Settings\Owner\Application Data\FrostWire
C:\Program Files\Viewpoint

Make sure the Scan for rootkits is checked ...

& the Automatically disable any rootkits found is NOT checked ...

Click on Execute

Answer "Yes" twice when prompted.


After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt





Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log.



Posted 5/21/2008 2:33 PM
#62290
User avatar

Atryom Member

Date Joined Nov 2016
Total Posts: 8
Logfile of The Avenger Version 2.0, (c) by Swandog46
https://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\jsmoouho.dll" deleted successfully.
File "C:\WINDOWS\system32\hmeeiyqj.dll" deleted successfully.
File "C:\WINDOWS\system32\baynceau.exe" deleted successfully.
File "C:\WINDOWS\system32\hqqdjgvr.dll" deleted successfully.
File "C:\WINDOWS\system32\empreokv.dll" deleted successfully.
File "C:\WINDOWS\system32\unlpjajq.dll" deleted successfully.
File "C:\WINDOWS\system32\fxvqskec.dll" deleted successfully.
File "C:\WINDOWS\system32\dysbribn.exe" deleted successfully.
File "C:\WINDOWS\system32\idshsqdp.dll" deleted successfully.
File "C:\WINDOWS\system32\kcrshwnl.dll" deleted successfully.
File "C:\WINDOWS\system32\IlmTCJjl.ini2" deleted successfully.
File "C:\WINDOWS\system32\ljJCTmlI.dll" deleted successfully.
File "C:\WINDOWS\system32\vtUnlJaX.dll" deleted successfully.
File "C:\Documents and Settings\Owner\services.exe" deleted successfully.
File "C:\WINDOWS\system32\ddcCsTNF.dll" deleted successfully.
File "C:\WINDOWS\17PHolmes1001186(2).exe" deleted successfully.
File "C:\WINDOWS\b155.exe" deleted successfully.
File "C:\WINDOWS\b156.exe" deleted successfully.
Driver "Viewpoint Manager Service" deleted successfully.
Folder "C:\Program Files\LimeWire" deleted successfully.
Folder "C:\Documents and Settings\Owner\Application Data\FrostWire" deleted successfully.
Folder "C:\Program Files\Viewpoint" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Posted 5/22/2008 1:54 AM
#62295
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Go to Start->Run and copy/paste ComboFix /snapshot and hit OK. It should run Combofix and give you a new log.... Post the log here, along with a new hijackthis log, and tell how things are running now.



Posted 6/4/2008 8:07 PM
#62646
User avatar

Atryom Member

Date Joined Nov 2016
Total Posts: 8
When trying to run combofix, this is the error I receive.

https://img142.imageshack.us/img142/3316/errorbv4.png

For HijackThis, this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:00:12 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\lsass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: {4f2bb9a4-6d41-383a-6b14-00da80f0ed37} - {73de0f08-ad00-41b6-a383-14d64a9bb2f4} - C:\WINDOWS\system32\jsmoouho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\vtUnlJaX.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A284EA2D-3599-4945-B73E-42CE76CA8D26} - C:\WINDOWS\system32\ljJCTmlI.dll (file missing)
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKLM\..\Run: [18d6b88e] rundll32.exe "C:\WINDOWS\system32\pabacilx.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Owner\lsass.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Instapp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: vtUnlJaX - vtUnlJaX.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
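A triage pass over the log above, added here as an example (it is not from the thread, from HijackThis or from any tool mentioned): it flags the entries a helper would pick out by hand, namely a system-binary name running from a user profile, rundll32 autoruns calling a one-letter export, a BHO named by a bare GUID, and orphaned entries left after the Avenger run. The severity labels and heuristics are the example's own assumptions, and the sample lines are copied from the posted log.

```python
import re

# Added example: lines copied from the HijackThis log above, benign ones kept as controls.
SAMPLE_HJT = r"""
O2 - BHO: {4f2bb9a4-6d41-383a-6b14-00da80f0ed37} - {73de0f08-ad00-41b6-a383-14d64a9bb2f4} - C:\WINDOWS\system32\jsmoouho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKLM\..\Run: [18d6b88e] rundll32.exe "C:\WINDOWS\system32\pabacilx.dll",b
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Owner\lsass.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: vtUnlJaX - vtUnlJaX.dll (file missing)
"""

# Names that only belong in the Windows system directory; a copy elsewhere is masquerading.
SYSTEM_BINARIES = {"lsass.exe", "services.exe", "svchost.exe", "smss.exe", "winlogon.exe", "csrss.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
PATH_RE = re.compile(r'([a-z]:\\[^",]*?\.(?:exe|dll))', re.I)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"[^"]+",(\w+)\s*$', re.I)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)

def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line (heuristics assumed)."""
    findings = []
    for path in PATH_RE.findall(line):
        parent, _, name = path.lower().rpartition("\\")
        if name in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
            findings.append(("high", f"system binary name outside system32: {path}"))
    m = RUNDLL_RE.search(line)
    if m and len(m.group(1)) == 1:  # pattern in the log above: rundll32 "<random>.dll",<one letter>
        findings.append(("medium", f"rundll32 autorun calling single-letter export '{m.group(1)}'"))
    if line.startswith("O2 - BHO: ") and GUID_RE.match(line[10:].split(" - ")[0]):
        findings.append(("medium", "BHO whose display name is a bare GUID"))
    if "(file missing)" in line:  # autorun left behind after the file itself was deleted
        findings.append(("low", "orphaned entry: referenced file no longer exists"))
    return findings

def triage(log_text):
    """Scan a whole log; returns (severity, reason, line) tuples, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    results = []
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        results.extend((sev, why, line) for sev, why in triage_line(line))
    return sorted(results, key=lambda r: order[r[0]])

if __name__ == "__main__":
    for sev, why, line in triage(SAMPLE_HJT):
        print(f"[{sev:6}] {why}\n         {line}")
```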
Posted 6/5/2008 6:39 AM
#62654
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok.


Go to https://www.sarc.com/avcenter/FixSirc.com


Download the Fixsirc.com file to a convenient location, such as your download folder or the Windows desktop. If you are on a network, the removal tool should be applied on all computers, including the server.
To check the authenticity of the digital signature, refer to the section The digital signature.
Close all programs before running the tool, including any antivirus scanners.





Reboot, and see if you can run combofix?



Posted 6/12/2008 5:04 AM
#62767
User avatar

Atryom Member

Date Joined Nov 2016
Total Posts: 8
When I ran FixSirc.exe it said there was no Win32.Sircam.Worm@mm infection.

Then I tried running Combofix again, same problem as before.
Posted 6/12/2008 5:27 AM
#62768
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok.




Download regallow.exe from here and save it to your desktop:

regallow.exe

Confirm that the file regallow.exe now resides on your desktop, double click on the regallow.exe program. When the program launches, click on the Enable Registry Tools button. When it says the tools are enabled, click on the OK button to exit the program.




Reboot, and see if you can run combofix now



Posted 6/12/2008 6:32 PM
#62775
User avatar

Atryom Member

Date Joined Nov 2016
Total Posts: 8
User image

This is the error that I receive. By the way, I really appreciate your help.
Posted 6/14/2008 4:33 AM
#62798
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks like your profile is corrupted. Try this ->




1. Log on as the Administrator or as a user with administrator credentials.
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Click the Advanced tab, and then click Advanced.
5. In the left pane, click the Users folder.
6. On the Action menu, click New User.
7. Enter the appropriate user information, and then click Create.




You should be able to run combofix now



Posted 6/15/2008 6:33 AM
#62803
User avatar

Atryom Member

Date Joined Nov 2016
Total Posts: 8
Tells me it cannot find C:\WINDOWS\system32\rundll32.exe
Posted 6/17/2008 4:55 AM
#62831
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks like you have some corrupted or missing system files, I'll therefore suggest you run this ->



Go to the Run box on the Start Menu and type in:

sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

Reboot and tell how things are running now.



Posted 6/22/2008 3:19 AM
#62923
User avatar

Atryom Member

Date Joined Nov 2016
Total Posts: 8
Still has rundll32.exe missing.
Posted 7/9/2008 11:22 AM
#63362
User avatar

Biagio_22 Member

Date Joined Nov 2016
Total Posts: 1
Hi!
I have a similar problem.
First of all, I'm Italian... sorry for the mistakes.
I probably have a virus. When I try to install an anti-virus, all applications are closed and the installation cannot be completed. I've tried to run Avenger (because I saw a potential virus) but I've got the same problem... What can I do?