[Closed] Slow, IE not working, Redirect search engine results...etc


  • This topic is locked
9 replies to this topic

#1 x_moomoo_x

  • New Member
  • 3 posts

Posted 04 October 2009 - 08:15 AM

Hi, over the past month my laptop has just got worse and worse.
It started with Google just being a blank white page in IE, so the only browser that worked properly was Safari, so I had been using that, but then I noticed that the links in search engine results would redirect me to other random web pages.
Next my IE stopped working completely and would always come up with 'Internet Explorer has stopped working' and would close.
Then one day I logged on and my screen was just blank, so I restarted it, and ever since, my whole laptop has been really slow and takes about 20 minutes to start up.
The internet works in spurts, so it would be fast for about 1 minute but then it would freeze for ages...

This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:00, on 04/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...P&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...P&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...P&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...P&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: mscorewr - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\Windows\system32\mscorewr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSN helper - {50A99122-4C8C-4317-811E-54B5DAD44B52} - lkopc.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\Windows\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\Users\User\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-1264968777-2245563693-2185939587-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-1264968777-2245563693-2185939587-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1264968777-2245563693-2185939587-1000\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (User '?')
O4 - HKUS\S-1-5-21-1264968777-2245563693-2185939587-1000\..\Run: [autochk] rundll32.exe C:\Users\User\protect.dll,_IWMPEvents@16 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - S-1-5-21-1264968777-2245563693-2185939587-1000 Startup: DeliveryManager.lnk = ? (User '?')
O4 - S-1-5-21-1264968777-2245563693-2185939587-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: DeliveryManager.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: ngmn1.dll
O10 - Unknown file in Winsock LSP: ngmn1.dll
O10 - Unknown file in Winsock LSP: ngmn1.dll
O10 - Unknown file in Winsock LSP: ngmn1.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-gb.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O23 - Service: Application Experience AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\prlgvybopn.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

Edited by x_moomoo_x, 04 October 2009 - 08:46 AM.

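The log above is read by hand in this thread, but the tells a log analyst looks for can be written down. The script below is an added example for this page, not HijackThis and not something the forum helper posted: it scores a HijackThis-style log on a few structural heuristics that do not depend on knowing any malware by name. A second program appended to the F2 UserInit value, an O2 BHO whose DLL cannot be resolved, an O4 Run entry that has rundll32 load a DLL from a user profile, TEMP or system32\config, an O10 LSP DLL HijackThis could not attribute, and an O23 service running from a TEMP directory are all flagged. The sample log inside the script is constructed from lines in the shape of the one posted above, with clean Adobe and Avira entries included to show what is not flagged.

```python
"""Heuristic triage of a HijackThis log.

Added example for this thread (not HijackThis itself, and not something the
forum helper posted). It encodes the tells a log analyst checks by eye in the
log above: a second program appended to the F2 UserInit value, O2 BHOs whose
DLL cannot be resolved, O4 Run entries that have rundll32 load a DLL from a
user profile, TEMP or system32\\config, O10 unknown Winsock LSP DLLs, and O23
services whose binary lives in a TEMP directory.
"""
import re

# Constructed sample: lines in the shape of the log posted above, with a few
# clean entries included to show what is not flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSN helper - {50A99122-4C8C-4317-811E-54B5DAD44B52} - lkopc.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\Users\User\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User '?')
O10 - Unknown file in Winsock LSP: ngmn1.dll
O23 - Service: Application Experience AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\prlgvybopn.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-F-]+\} - (?P<path>.*)$", re.I)
RUN_DLL_RE = re.compile(r"^O4 - .*: \[(?P<name>[^\]]+)\] rundll32(?:\.exe)? (?P<dll>[^,]+),", re.I)
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>\S+)", re.I)
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$", re.I)

# Directories from which a legitimate Run entry should never have rundll32 load a DLL.
ODD_DIRS = ("\\users\\", "\\temp\\", "\\config\\")


def triage(log_text):
    """Return a list of (section, message) findings for one HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            # UserInit is comma-separated; only userinit.exe belongs there.
            programs = [p.strip() for p in m.group("value").split(",") if p.strip()]
            for extra in programs[1:]:
                findings.append(("F2", "extra UserInit program: " + extra))
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            if "(file missing)" in path.lower() or "\\" not in path:
                findings.append(("O2", "BHO '%s' has no resolvable DLL: %s" % (m.group("name"), path)))
            continue
        m = RUN_DLL_RE.match(line)
        if m:
            dll = m.group("dll").strip()
            if any(d in dll.lower() for d in ODD_DIRS):
                findings.append(("O4", "[%s] has rundll32 load %s" % (m.group("name"), dll)))
            continue
        m = LSP_RE.match(line)
        if m:
            # HijackThis already failed to attribute this LSP DLL to a vendor.
            findings.append(("O10", "unknown Winsock LSP: " + m.group("dll")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path").strip()
            if "\\temp\\" in path.lower():
                findings.append(("O23", "service '%s' runs from TEMP: %s" % (m.group("name"), path)))
    return findings


def count_by_section(findings):
    """Tally findings per HijackThis section, e.g. {'O4': 2, ...}."""
    counts = {}
    for section, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, message in triage(SAMPLE_LOG):
        print(section, message)
```

Run against the constructed sample it reports one F2, one O2, two O4, one O10 and one O23 finding and stays quiet on the Adobe BHO and both Avira entries. The heuristics are deliberately about where a component loads from and whether it resolves, not about file names, which is why the same handful of rules catches the UserInit addition, the profile-resident protect.dll and the TEMP-resident service without a signature for any of them.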


#2 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 04 October 2009 - 06:44 PM

Hello and :welcome: Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log; I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


!


#3 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 04 October 2009 - 08:54 PM

Hi x_moomoo_x,

:welcome:

I will be helping you with removing malware from your computer. Log research takes time, so please be patient and I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not install/uninstall anything on your computer unless advised.
  • Do not run any other scanning tools other than those instructed for you to use.
  • Follow the instructions in the order they are given.
  • Stay with this thread until advised that your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
  • If you are being helped regarding this problem on another forum, please advise us so that we can close this thread.
  • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

As a Vista user, you will need to right click and choose "Run as Administrator" to run the tools we will use.

You have three anti-virus programs running on your computer: ParetoLogic AV Plus, Avira and Norton. Running more than one anti-virus at the same time not only slows down your computer but provides less protection than they are programmed to give, because they conflict with each other rather than providing sufficient protection for your computer. Please uninstall all but one of your anti-virus programs before proceeding with any of the fixes.

Your log shows signs of a trojan infection. The capabilities of this particular trojan include keylogging and password stealing so I advise you to take all precautions to safeguard your accounts, passwords, and sensitive data. If you have entered any credit card details or use your computer for financial/banking transactions, you should notify your banks and financial institutions that you may have been a victim of identity theft and to put a watch on your accounts. For more information, please read How to report ID theft, fraud, drive-by installs, hijacking and malware. I also recommend that you change your online passwords for email, banks, etc., immediately -- from a clean computer. It bears repeating to change passwords from a clean computer only.
Many experts believe that once a computer has been infected with this type of Trojan, it is best to reformat and reinstall the Operating System. The reason is that even after cleaning, there may be some remnants left in the system. It is hard to discern how much damage has been done. Only you can decide whether it would be best to reformat and start over. We can proceed with the cleanup process if you prefer. If you decide to reformat, be sure to save your important data to backup media, but make sure that you scan it all before you put it back on a clean system. Please read the following: When should I re-format? How should I reinstall?

If you wish to continue with the fix, please do the following:

One or more malicious DLL files have disrupted the Layered Service Provider (LSP) chain on your computer. This can be seen in the O10 entries of your HijackThis log. These files must be carefully removed.

A. Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Right click Erunt.exe then choose Run as Administrator to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

--Next--
  • Click on Start button.
  • Type Cmd in the Start Search text box.
  • Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
  • Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
  • Restart your computer normally.


--Next--


Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right click DDS icon then choose Run as Administrator to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:

  • Under the reply panel is the Attachments Panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop down box.
  • Click on to insert the attachment into your post



Please post both DDS logs in your next reply.


--Next--

We need to check for rootkits with RootRepeal.
Please download RootRepeal from one of these locations and save it to your desktop:
Here
Here
Here
  • Right click [image] on your desktop, then choose Run as Administrator.
  • Click the [image] tab.
  • Click the [image] button.
  • Check just these boxes:
  • [image]
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.


Logs to post in your next reply:
1. DDS logs.
2. RootRepeal log.

How is your internet browsing?

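The post above explains that the O10 lines mean a third-party DLL has been inserted into the Winsock LSP chain and prescribes `netsh winsock reset` to rebuild the catalog. Before resetting, a practitioner normally wants to see what is actually in the chain, which is what `netsh winsock show catalog` prints. The script below is an added example for this page, not one of the tools the helper lists: it parses that listing and flags any provider DLL that is not one of Microsoft's Winsock providers or that lives outside system32. The catalog text embedded in it is constructed in the shape netsh prints, with two genuine Microsoft entries and one layered entry pointing at the ngmn1.dll named in the log; that entry's provider ID and description are placeholders, and the `SYSTEM_ROOT` constant is assumed so `%SystemRoot%` can be expanded offline.

```python
"""Inspect a Winsock catalog listing for third-party layered service providers.

Added example for this thread; not one of the tools the helper lists. Before
running "netsh winsock reset", a practitioner usually wants to see which DLLs
are actually in the catalog, so this parses the text that
"netsh winsock show catalog" prints and flags any provider DLL that is not one
of the Microsoft Winsock providers or that lives outside system32.
"""

# Assumed Windows directory, used only to expand %SystemRoot% offline.
SYSTEM_ROOT = r"C:\Windows"

# Microsoft's own Winsock provider DLLs on Vista-era systems (allow-list).
KNOWN_MS_PROVIDERS = {
    "mswsock.dll", "rsvpsp.dll", "winrnr.dll", "napinsp.dll",
    "pnrpnsp.dll", "nlaapi.dll", "wshbth.dll",
}

# Constructed sample in the shape netsh prints: two genuine Microsoft entries
# and one layered provider pointing at the ngmn1.dll named in the log above.
# The provider ID and description of that entry are placeholders.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Address Family:                     2
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        ngmn1 over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000000}
Provider Path:                      C:\Windows\system32\ngmn1.dll
Catalog Entry ID:                   1037
Version:                            2
Address Family:                     2
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              2
Protocol Chain:                     1037 : 1001

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider ID:                        {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space:                         12
Active:                             1
Version:                            0
Provider Path:                      %SystemRoot%\System32\mswsock.dll
"""


def parse_catalog(text):
    """Split netsh's catalog listing into one dict of fields per entry."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Provider Entry"):
            current = {"Kind": line}
            entries.append(current)
        elif current is not None and line and not line.startswith("-"):
            # Fields are "Key:   value"; split on the first colon only, so
            # values such as "Protocol Chain: 1037 : 1001" survive intact.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def normalize_path(path):
    """Lower-case the path and expand %SystemRoot% so comparisons are stable."""
    return path.strip().strip('"').lower().replace("%systemroot%", SYSTEM_ROOT.lower())


def suspicious_providers(entries):
    """Return (description, path, reasons) for every entry whose DLL is not a
    known Microsoft provider living under system32."""
    sys32 = (SYSTEM_ROOT + r"\system32").lower()
    flagged = []
    for entry in entries:
        path = entry.get("Provider Path")
        if not path:
            continue
        norm = normalize_path(path)
        dll = norm.rsplit("\\", 1)[-1]
        reasons = []
        if not norm.startswith(sys32 + "\\"):
            reasons.append("provider DLL outside system32")
        if dll not in KNOWN_MS_PROVIDERS:
            reasons.append("not a Microsoft Winsock provider")
            if entry.get("Entry Type", "").lower().startswith("layered"):
                reasons.append("third-party LSP in the protocol chain")
        if reasons:
            flagged.append((entry.get("Description", "?"), path, reasons))
    return flagged


if __name__ == "__main__":
    for description, path, reasons in suspicious_providers(parse_catalog(SAMPLE_CATALOG)):
        print(description, path, "; ".join(reasons))
```

On the constructed sample only the ngmn1.dll entry is reported, and the reasons spell out why: it is not on the Microsoft allow-list and it sits in a layered entry whose protocol chain wraps the real TCP/IP provider, which is exactly the position from which an LSP can see every socket's traffic. Running `netsh winsock show catalog` again after the reset the helper prescribes should leave no entry that this check flags. Note that the allow-list only covers the stock Microsoft providers; legitimate firewalls and VPN clients also install LSPs, so a hit is a prompt to look at the DLL, not proof on its own.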


#4 x_moomoo_x

  • New Member
  • 3 posts

Posted 05 October 2009 - 03:56 AM

Thank you for your help! Just before I do anything, I noticed the erunt download said it was just for windows xp and not for Vista...?

#5 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 05 October 2009 - 06:46 PM

Hi, The current version now supports Windows Vista.



#6 inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 07 October 2009 - 06:36 PM

Hi, It's been a while. Do you still need help on this? This topic will be closed after 48 hours if you do not reply. Thank you.



#7 x_moomoo_x

  • New Member
  • 3 posts

Posted 07 October 2009 - 07:48 PM

Sorry for the delay! I'm not sure if RootRepeal worked correctly because it came up with some error, but I will post the results anyway.

DDS.TXT:

DDS (Ver_09-09-29.01) - NTFSx86
Run by User at 2:24:23.56 on 08/10/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1982.862 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\TEMP\prlgvybopn.exe
C:\Windows\TEMP\prlgvybopn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\lpremove.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=HP&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSN helper: {50a99122-4c8c-4317-811e-54b5dad44b52} - lkopc.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [autochk] rundll32.exe c:\users\user\protect.dll,_IWMPEvents@16
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [ParetoLogic Anti-Virus PLUS] "c:\program files\paretologic\anti-virus plus\Pareto_AV.lnk" -NM -hidesplash
dRun: [autochk] rundll32.exe c:\windows\system32\config\system~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\DELIVE~1.LNK -
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\npjpi160_05.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: ngmn1.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

============= SERVICES / DRIVERS ===============

R?2 AeLookupSvcALG;Application Experience AeLookupSvcALG;c:\windows\temp\prlgvybopn.exe service --> c:\windows\temp\prlgvybopn.exe service [?]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20080623.001\IDSvix86.sys [2008-6-24 261680]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
R2 ZeppelinService;plasservice;c:\program files\common files\paretologic\plas\plasservice.exe [2009-2-18 587216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-4-29 109616]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-6-13 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

=============== Created Last 30 ================

2009-10-04 13:53 <DIR> --d----- c:\program files\Trend Micro
2009-10-03 17:48 <DIR> --d----- c:\users\user\appdata\roaming\AVG8
2009-10-03 16:34 933,664 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-03 16:34 13,580 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-03 16:24 0 a--sh--- c:\users\user\protect.dll
2009-10-03 15:54 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-03 00:29 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-10-02 14:45 <DIR> --d----- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-10-02 14:45 <DIR> --d----- c:\programdata\ParetoLogic
2009-10-02 14:45 <DIR> --d----- c:\program files\ParetoLogic
2009-10-02 14:45 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-10-02 14:45 <DIR> --d----- c:\progra~2\ParetoLogic Anti-Virus PLUS
2009-10-02 14:45 <DIR> --d----- c:\progra~2\ParetoLogic
2009-10-02 13:43 59 a------- c:\windows\wininit.ini
2009-09-29 23:14 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-09-29 12:02 43 a------- c:\windows\system32\SKYNETrfrshjde.dat
2009-09-14 19:32 19,456 a------- c:\windows\system32\SKYNETpisqbsoh.dll
2009-09-14 11:26 1 a------- c:\windows\system32\xd.dat
2009-09-14 11:26 1 a------- c:\windows\system32\jc.dat
2009-09-14 11:26 1 a------- c:\windows\system32\idm.dat
2009-09-14 11:26 1 a------- c:\windows\system32\ck.dat
2009-09-14 11:26 1 a------- c:\windows\system32\c2d.dat
2009-09-12 19:20 2,855,424 a------- c:\windows\system32\mf.dll
2009-09-12 19:20 98,816 a------- c:\windows\system32\mfps.dll
2009-09-12 19:20 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-09-12 19:20 24,576 a------- c:\windows\system32\mfpmp.exe
2009-09-12 19:20 2,048 a------- c:\windows\system32\mferror.dll
2009-09-12 19:19 813,568 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-12 19:19 213,592 a------- c:\windows\system32\drivers\netio.sys
2009-09-12 19:19 103,936 a------- c:\windows\system32\netiohlp.dll
2009-09-12 19:19 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-09-12 19:19 22,016 a------- c:\windows\system32\netiougc.exe
2009-09-12 19:19 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-12 19:19 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-12 19:19 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-12 19:19 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-12 19:19 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-12 19:18 10,240 a------- c:\windows\system32\finger.exe
2009-09-12 19:18 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-12 19:18 15,360 a------- c:\windows\system32\netevent.dll
2009-09-12 19:13 289,280 a------- c:\windows\system32\wlanmsm.dll
2009-09-12 19:13 299,520 a------- c:\windows\system32\wlansec.dll
2009-09-12 19:13 1,654,487 a------- c:\windows\system32\wlan.tmf
2009-09-12 19:13 502,784 a------- c:\windows\system32\wlansvc.dll
2009-09-12 19:13 123,904 a------- c:\windows\system32\L2SecHC.dll
2009-09-12 19:13 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-09-12 19:13 47,104 a------- c:\windows\system32\wlanapi.dll
2009-09-12 11:12 <DIR> --dsh--- c:\windows\system32\lowsec

==================== Find3M ====================

2009-10-06 13:12 27,240 a-------
c:\users\user\appdata\roaming\nvModes.dat 2009-10-03 18:56 0 a------- c:\windows\system32\drivers\SKYNETmycuwxwe.sys 2009-10-03 17:00 20,480 a------- c:\windows\system32\SKYNETjdvytlaj.dll 2009-10-03 16:36 334,825 a------- c:\windows\system32\SKYNEThslwxqpv.dat 2009-10-03 16:31 19,968 a------- c:\windows\system32\autochk.dll 2009-09-14 11:26 6,976 a------- c:\windows\system32\nk.dat 2009-09-07 20:11 44,544 a------- c:\windows\system32\lkopc.dll 2009-09-04 15:43 213,024 a------- c:\windows\system32\drivers\str.sys 2009-09-03 22:31 44,544 a------- c:\windows\system32\lpocg.dll 2009-09-02 10:19 11,264 a------- c:\windows\system32\ngmn1.dll 2009-09-01 23:41 132,936 a---h--- c:\windows\system32\mlfcache.dat 2009-09-01 19:02 4,482 a------- c:\windows\system32\ealregsnapshot1.reg 2009-09-01 18:11 44,032 a------- c:\windows\system32\rant32.dll 2009-08-29 04:41 1,686,528 a------- c:\windows\system32\gameux.dll 2009-08-29 04:40 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-29 04:40 449,024 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-29 04:40 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-29 04:40 2,143,744 a------- c:\windows\apppatch\AcGenral.dll 2009-08-29 04:40 537,600 a------- c:\windows\apppatch\AcLayers.dll 2009-08-29 00:31 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:15 2,560 a------- c:\windows\apppatch\AcRes.dll 2009-08-17 15:01 44,544 a------- c:\windows\system32\SKYNETbkbefiab.dll 2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-07-18 13:10 52,736 a------- c:\windows\apppatch\iebrshim.dll 2009-07-17 15:52 71,680 a------- c:\windows\system32\atl.dll 2009-07-14 14:02 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-07-14 14:01 4,096 a------- c:\windows\system32\dxmasf.dll 2009-07-14 14:00 
7,680 a------- c:\windows\system32\spwmp.dll 2009-07-14 12:11 8,147,968 a------- c:\windows\system32\wmploc.DLL 2009-07-11 17:58 806 a------- c:\users\user\appdata\roaming\wklnhst.dat 2008-12-12 06:36 174 a--sh--- c:\program files\desktop.ini 2008-11-06 22:40 86,016 a------- c:\windows\inf\infstrng.dat 2008-11-06 22:40 86,016 a------- c:\windows\inf\infstor.dat 2008-11-06 22:40 51,200 a------- c:\windows\inf\infpub.dat 2008-06-12 23:24 665,600 a------- c:\windows\inf\drvindex.dat 2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-06-14 22:52 220 ---sh--- c:\windows\dwin.sys ============= FINISH: 2:31:25.06 =============== ROOT REPEAL: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/08 02:35 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP0 ================================================== SSDT ------------------- SYSENTER/INT2E Hooked [0x81c8c9c0]! ==EOF== Thank you!


#8 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 08 October 2009 - 05:37 PM

Hi x_moomoo_x,

It seems you are still running multiple antivirus programs; please choose just one and uninstall the others. Also, your Norton is outdated.
Can you please post the error message you get when you run RootRepeal? Thank you.

--Next--

Download Combofix from either of the links below. You must rename it to combafix.exe before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, delete it; this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

-----------------------------------------------------------


Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#9 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 10 October 2009 - 07:26 PM

Hi, do you still need help on this?



#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 13 October 2009 - 05:09 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
