
[InActive] Help Please

Discussion in 'Malware and Virus Removal Archive' started by condorblanco, 2009/04/23.

  1. 2009/04/23
    condorblanco

    condorblanco Inactive Thread Starter

    Hi everyone, I am new on your forum.
    I am attaching the log files (of my laptop). I have no idea how to get rid of trojan malware (seems like I got dncyool64.sys). I've already run TuneUp and HijackThis, but they didn't work at all.
    I would really appreciate your help.
    Thanks in advance.
    CondorBlanco
    Log1
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\afisicx.exe
    svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\tdctxte.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\3361\SVCHOST.exe -sysrun
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\TEMP\je11b.exe
    c:\program Files\ThunMail\testabd.exe
    C:\WINDOWS\system32\tpszxyd.sys
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\TEMP\je11b.exe
    C:\WINDOWS\system32\3361\SVCHOST.exe -sysrun
    C:\WINDOWS\dhcp\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\dncyool64.sys
    C:\WINDOWS\system32\rundll32.exe
    C:\DOCUME~1\Carlos\MYDOCU~1\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: c:\windows\system32\zfgh83jg3.dll: {d5bf49a0-94f3-42bd-f434-3604812c8955} - c:\windows\system32\zfgh83jg3.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Diagnostic Manager] c:\docume~1\carlos\locals~1\temp\1081864106.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe "
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe "
    mRun: [Jrofok] rundll32.exe "c:\windows\eziwavatebiwe.dll ",e
    mRunOnce: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe "
    dRun: [svc] c:\program files\thunmail\testabd.exe
    dRun: [<NO NAME>] c:\windows\temp\je11b.exe
    dRun: [Windows Resurections] c:\windows\temp\je11b.exe
    dRun: [Diagnostic Manager] c:\windows\temp\1419723828.exe
    dRun: [VRT25] c:\windows\temp\VRT25.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    AppInit_DLLs: c:\progra~1\thunmail\testabd.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: c:\windows\system32\zfgh83jg3.dll: {d5bf49a0-94f3-42bd-f434-3604812c8955} - c:\windows\system32\zfgh83jg3.dll
    LSA: Notification Packages = scecli domsmg.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\carlos\applic~1\mozilla\firefox\profiles\ytwklwmb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.desert.com
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - HiddenExtension: XUL Cache: {9ACC3081-4A73-44A7-966B-E9BBAF851501} - c:\documents and settings\carlos\local settings\application data\{9acc3081-4a73-44a7-966b-e9bbaf851501}\

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2004-8-4 195072]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
    R2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-16 257024]
    R2 msncache;msncache;c:\windows\system32\svchost.exe -k NetworkService [2004-8-4 14336]
    R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 195584]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
    R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2004-8-4 195072]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-24 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\naveng.sys [2009-4-16 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\navex15.sys [2009-4-16 876144]
    S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-4-21 603904]
    S3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

    =============== Created Last 30 ================

    2009-04-22 12:10 <DIR> --d----- c:\program files\Trend Micro
    2009-04-21 13:06 603,904 a------- c:\windows\system32\TUProgSt.exe
    2009-04-21 13:06 27,904 a------- c:\windows\system32\uxtuneup.dll
    2009-04-21 13:06 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
    2009-04-21 13:06 <DIR> --d----- c:\docume~1\carlos\applic~1\TuneUp Software
    2009-04-21 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2009-04-21 13:06 <DIR> --d----- c:\program files\TuneUp Utilities 2009
    2009-04-21 13:05 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-04-21 10:10 15,000 a------- c:\windows\system32\hsf9ikmifj934g.dll
    2009-04-20 10:39 <DIR> --d----- c:\program files\HT NETWORKS
    2009-04-20 10:34 <DIR> --d----- c:\windows\system32\3361
    2009-04-20 10:34 108,336 a------- c:\windows\system32\MSWINSCK.OCX
    2009-04-20 10:34 40,960 a------- c:\windows\system32\xz.exe
    2009-04-17 15:45 26,112 ac------ c:\windows\system32\dllcache\EXCH_seos.dll
    2009-04-17 15:44 35,328 ac------ c:\windows\system32\dllcache\iprip.dll
    2009-04-17 15:43 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
    2009-04-17 15:42 8,192 ac------ c:\windows\system32\dllcache\staxmem.dll
    2009-04-17 15:40 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-04-17 15:40 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-04-17 15:40 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-04-17 15:40 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-04-17 15:40 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-04-17 15:40 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-04-17 15:40 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
    2009-04-17 15:39 32,768 ac------ c:\windows\system32\dllcache\icwdl.dll
    2009-04-17 15:39 214,528 ac------ c:\windows\system32\dllcache\icwconn1.exe
    2009-04-17 15:39 86,016 ac------ c:\windows\system32\dllcache\icwconn2.exe
    2009-04-17 15:39 20,480 ac------ c:\windows\system32\dllcache\inetwiz.exe
    2009-04-17 15:29 173,056 a------- c:\windows\system32\irftp.exe
    2009-04-17 15:29 27,136 a------- c:\windows\system32\irmon.dll
    2009-04-17 15:29 8,192 a------- c:\windows\system32\wshirda.dll
    2009-04-17 15:28 18,019 a------- c:\windows\system32\nvwsapps.nvb
    2009-04-17 10:11 <DIR> --d----- c:\windows\system32\appmgmt
    2009-04-16 16:21 231,936 a------- c:\windows\system32\w.exe
    2009-04-16 16:21 36,864 a------- c:\windows\system32\dpcxool64.sys
    2009-04-16 16:21 8 a------- c:\windows\system32\comsa32.sys
    2009-04-16 16:20 <DIR> --d----- c:\windows\dhcp
    2009-04-16 16:20 15,000 a------- c:\windows\system32\zfgh83jg3.dll
    2009-04-16 16:20 <DIR> --dshr-- c:\program files\ThunMail
    2009-04-16 16:08 <DIR> --d----- c:\program files\Nitro PDF
    2009-04-16 16:08 <DIR> --d----- c:\program files\common files\Nitro PDF
    2009-04-16 16:08 <DIR> --d----- c:\program files\common files\BCL Technologies
    2009-04-16 14:58 <DIR> --d----- c:\docume~1\carlos\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-04-16 10:18 2,560 a------- c:\windows\system32\xpsp4res.dll
    2009-03-30 12:54 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-03-30 12:53 <DIR> --d----- c:\windows\system32\LogFiles
    2009-03-30 12:50 25,740,144 a------- C:\wmp11-windowsxp-x86-enu.exe
    2009-03-27 13:43 1,878,888 a------- C:\install_flash_player.exe
    2009-03-27 10:13 4,576 a------- c:\windows\system32\LexFiles.usr
    2009-03-27 10:13 <DIR> --d----- c:\program files\Lexmark_HostCD
    2009-03-27 10:12 1,018 a------- c:\windows\LMAAW2DD.ini
    2009-03-27 10:11 <DIR> --d----- C:\lexmark
    2009-03-27 10:10 <DIR> --d----- c:\docume~1\carlos\applic~1\Xerox
    2009-03-27 10:06 54,272 a------- c:\windows\system32\Lexcfi.dll
    2009-03-26 13:29 360,448 a------- c:\windows\system32\lexlog.dll
    2009-03-26 13:29 <DIR> --d----- c:\program files\Dell_HostCD
    2009-03-26 13:29 675,840 a------- c:\windows\system32\DKabpmui.dll
    2009-03-26 13:29 20,254 a------- c:\windows\system32\DKabpmui.chm
    2009-03-26 13:29 1,204,224 a------- c:\windows\system32\DKabserv.dll
    2009-03-26 13:29 987,136 a------- c:\windows\system32\DKabusb1.dll
    2009-03-26 13:29 532,480 a------- c:\windows\system32\DKabpar1.dll
    2009-03-26 13:29 336,792 a------- c:\windows\system32\DKabppls.exe
    2009-03-26 13:29 163,840 a------- c:\windows\system32\DKabprox.dll
    2009-03-26 13:29 114,688 a------- c:\windows\system32\DKabpplc.dll
    2009-03-26 13:28 1,056,768 a------- c:\windows\system32\DKabip1.dll
    2009-03-26 13:28 561,152 a------- c:\windows\system32\DKablmpm.dll
    2009-03-26 13:28 508,824 a------- c:\windows\system32\DKabcoms.exe
    2009-03-26 13:28 507,904 a------- c:\windows\system32\DKabhcp.dll
    2009-03-26 13:28 425,984 a------- c:\windows\system32\DKabcomm.dll
    2009-03-26 13:28 413,696 a------- c:\windows\system32\DKabinpa.dll
    2009-03-26 13:28 614,400 a------- c:\windows\system32\DKabcomc.dll
    2009-03-26 13:28 1,780 a------- c:\windows\system32\DKab.loc
    2009-03-26 13:28 31,062 a------- c:\windows\system32\LexFiles.ulf
    2009-03-26 12:32 221,184 a------- c:\windows\system32\wmpns.dll
    2009-03-26 11:44 <DIR> --d----- c:\windows\Downloaded Installations
    2009-03-26 11:34 <DIR> --d----- C:\oracle
    2009-03-26 11:34 <DIR> --d----- c:\program files\Oracle
    2009-03-25 16:00 0 a------- c:\windows\ROBOEN~1.INI
    2009-03-25 16:00 <DIR> --d----- c:\program files\ACD Systems
    2009-03-25 14:11 <DIR> --d----- c:\program files\common files\xing shared
    2009-03-25 14:11 <DIR> --d----- c:\program files\common files\Real
    2009-03-25 14:01 <DIR> --d----- c:\program files\ImageJ
    2009-03-25 13:53 <DIR> --d----- c:\documents and settings\carlos\.jmvision1_27
    2009-03-25 13:53 <DIR> --d----- c:\program files\JMicroVision 1.2.7
    2009-03-25 13:08 <DIR> --d----- c:\docume~1\carlos\applic~1\Deneba
    2009-03-25 13:07 <DIR> --d----- c:\program files\Deneba
    2009-03-25 12:21 <DIR> --d----- c:\program files\IZArc
    2009-03-25 11:36 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-25 11:36 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-25 11:05 481 a------- c:\windows\ODBC.INI
    2009-03-25 11:04 <DIR> --d-h--- c:\windows\ShellNew
    2009-03-25 09:28 <DIR> --d----- C:\Office 2000 Premium
    2009-03-24 22:49 <DIR> --d----- c:\windows\system32\scripting
    2009-03-24 22:49 <DIR> --d----- c:\windows\system32\en
    2009-03-24 22:49 <DIR> --d----- c:\windows\system32\bits
    2009-03-24 22:49 <DIR> --d----- c:\windows\l2schemas
    2009-03-24 22:47 <DIR> --d----- c:\windows\ServicePackFiles
    2009-03-24 22:45 <DIR> --d----- c:\windows\network diagnostic
    2009-03-24 22:22 26,488 a------- c:\windows\system32\spupdsvc.exe
    2009-03-24 22:22 <DIR> --d----- c:\windows\system32\PreInstall
    2009-03-24 22:21 <DIR> --dsh--- c:\documents and settings\carlos\UserData
    2009-03-24 22:21 0 a------- c:\windows\vpc32.INI
    2009-03-24 22:18 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-03-24 22:12 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-24 22:12 48,816 a------- c:\windows\system32\S32EVNT1.DLL
    2009-03-24 22:12 <DIR> --d----- c:\windows\RegisteredPackages
    2009-03-24 22:12 <DIR> --d----- c:\program files\Symantec
    2009-03-24 22:12 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-03-24 22:12 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-03-24 22:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-03-24 21:48 <DIR> --d----- c:\program files\CONEXANT
    2009-03-24 21:48 936,960 a------- c:\windows\system32\drivers\HSX_DPV.sys
    2009-03-24 21:48 669,696 a------- c:\windows\system32\drivers\HSX_CNXT.sys
    2009-03-24 21:48 192,512 a------- c:\windows\system32\drivers\HSXHWAZL.sys
    2009-03-24 21:48 141,497 a------- c:\windows\system32\drivers\del1028.cty
    2009-03-24 21:48 114,688 a------- c:\windows\system32\Uci32103.dll
    2009-03-24 21:48 86,016 a------- c:\windows\system32\mdmxsdk.dll
    2009-03-24 21:48 12,544 a------- c:\windows\system32\drivers\mdmxsdk.sys
    2009-03-24 21:43 6,400 a------- c:\windows\system32\drivers\splitter.sys
    2009-03-24 21:43 52,864 a------- c:\windows\system32\drivers\DMusic.sys
    2009-03-24 21:42 4,952,064 a------- c:\windows\system32\stacgui.cpl
    2009-03-24 21:42 1,601,536 a------- c:\windows\system32\stlang.dll
    2009-03-24 21:42 405,504 a------- c:\windows\stsystra.exe
    2009-03-24 21:42 130,048 a------- c:\windows\system32\ksproxy.ax
    2009-03-24 21:42 4,096 a------- c:\windows\system32\ksuser.dll
    2009-03-24 21:42 1,222,840 a------- c:\windows\system32\drivers\sthda.sys
    2009-03-24 21:42 270,336 a------- c:\windows\system32\stacapi.dll
    2009-03-24 21:42 146,944 a------- c:\windows\system32\st325602.dll
    2009-03-24 21:42 <DIR> --d----- c:\program files\SigmaTel
    2009-03-24 21:41 <DIR> --d----- c:\docume~1\carlos\applic~1\Dell
    2009-03-24 21:41 307,200 a------- c:\windows\system32\BMAPI.dll
    2009-03-24 21:41 233,472 a------- c:\windows\system32\NicConfigSvc.cpl
    2009-03-24 21:41 61,440 a------- c:\windows\system32\KPower.dll
    2009-03-24 21:41 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
    2009-03-24 21:40 <DIR> --d----- c:\program files\Broadcom
    2009-03-24 21:33 42,206 a------- c:\windows\system32\nvModes.dat
    2009-03-24 21:33 42,206 a------- c:\windows\system32\nvModes.001
    2009-03-24 21:33 134,756 a------- c:\windows\system32\nvapps.xml
    2009-03-24 21:33 18,019 a------- c:\windows\system32\nvwsapps.xml
    2009-03-24 21:33 376,832 a------- c:\windows\system32\nvudisp.exe
    2009-03-24 21:33 17,527 a------- c:\windows\system32\nvdisp.nvu
    2009-03-24 21:33 <DIR> --d----- c:\windows\nview
    2009-03-24 21:26 <DIR> --d----- C:\Intel
    2009-03-24 21:25 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-03-24 21:24 5 a------- c:\windows\system32\drivers\DELL_LAT_D820.MRK
    2009-03-24 21:24 5 a------- c:\windows\system32\drivers\1028_DELL_LAT_D820.MRK
    2009-03-24 21:24 10,240 a------- c:\windows\system32\drivers\sffp_mmc.sys
    2009-03-24 21:24 666 a------- c:\windows\speed.reg
    2009-03-24 21:24 <DIR> --d----- c:\program files\Dell
    2009-03-24 21:03 <DIR> --d----- c:\documents and settings\Carlos
    2009-03-24 21:01 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-03-24 20:59 8,192 a------- c:\windows\REGLOCS.OLD
    2009-03-24 20:56 618,605 ac------ c:\windows\system32\dllcache\fp4autl.dll
    2009-03-24 20:56 <DIR> --d----- c:\windows\system32\xircom
    2009-03-24 20:56 <DIR> --d----- C:\DELL
    2009-03-24 20:54 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-03-24 20:54 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
    2009-03-24 20:54 <DIR> --ds---- c:\windows\Downloaded Program Files
    2009-03-24 20:54 <DIR> --d--r-- c:\windows\Offline Web Pages
    2009-03-24 20:54 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
    2009-03-24 20:54 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-03-24 20:54 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
    2009-03-24 20:54 <DIR> --d----- c:\windows\system32\DirectX
    2009-03-24 20:53 <DIR> --d----- c:\program files\common files\MSSoap
    2009-03-24 20:52 <DIR> --d----- c:\program files\Online Services
    2009-03-24 20:51 <DIR> --d----- c:\program files\Messenger
    2009-03-24 20:51 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-03-24 20:51 <DIR> --d----- c:\program files\Windows NT
    2009-03-24 13:40 <DIR> --d----- c:\program files\common files\ODBC
    2009-03-24 13:40 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-03-24 13:40 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-04-22 10:38 166,912 a------- c:\windows\regedit.exe
    2009-04-17 15:38 22,720 a------- c:\windows\system32\emptyregdb.dat
    2009-03-25 11:05 5,058 a------- c:\windows\help\hhcolreg.dat
    2009-03-24 22:52 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-04 16:27 508,200 a------- c:\windows\system32\ICCProfiles.dll

    ============= FINISH: 10:33:15.29 ===============
     
  2. 2009/05/07
    Arie

    Arie Administrator Administrator Staff

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2009/05/16
    Juliet

    Juliet Well-Known Member

    Hi and welcome


    Download worksnow from HERE:

    * IMPORTANT !!! Save worksnow to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

    • Double click on worksnow & follow the prompts.

      Note: worksnow will run without the Recovery Console installed.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    "Copy/paste" a new HijackThis log file into this thread as well.

    Notes:

    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Give it at least 20-30 minutes to finish if needed.
     
