HijackThis Log : Control Panel Is Missing Plus Restrictions


Post by BlindChameleon » October 5th, 2007, 4:46 pm

Control Panel is missing and not accessible. The Windows restriction message says "The operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." I have tried every spyware and malware remover possible, including all your steps listed in Read This First. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:48 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 6207 bytes
BlindChameleon
Active Member
 
Posts: 3
Joined: October 5th, 2007, 5:01 am
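The log above is read by eye in the thread. As an added example (not HijackThis code and not one of the forum's tools), the script below parses the section-coded lines of a HijackThis 2.x log and flags the entries a helper checks first: an F2 Shell value that is empty or not explorer.exe (the "leftover" fixed at the end of this thread), O4 autostarts with an unresolved shortcut target, and O23 services with no vendor name. It goes a little beyond the posted log with an O4 check for loaders living in temp or profile data paths. The sample log embedded in it is constructed to resemble the posted one; the Temp-path line is there only to exercise that check.

```python
"""Triage a HijackThis 2.x log.

Added example for this thread, not part of HijackThis or the forum's tools.
It parses the section-coded lines ("F2 - ...", "O4 - ...", "O23 - ...") and
flags the ones a helper checks first. SAMPLE_LOG is constructed to resemble
the posted log, not captured from a live machine."""
import re
from dataclasses import dataclass

# Every HijackThis finding is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# The only Shell value a stock Windows XP install should carry.
EXPECTED_SHELL = {"explorer.exe"}

# Autostart binaries living here are worth a second look on a home machine.
SUSPICIOUS_PATH_HINTS = ("\\temp\\", "\\temporary internet files\\", "\\application data\\")


@dataclass(frozen=True)
class Finding:
    code: str
    line: str
    reason: str


def parse_hjt(text):
    """Return (code, body, raw_line) for each section-coded line; the process list and headers are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append((m.group("code"), m.group("body"), raw.strip()))
    return out


def triage(text):
    """Return the Finding list for a log; an empty list means nothing stood out to these checks."""
    findings = []
    for code, body, raw in parse_hjt(text):
        if code in ("F0", "F1", "F2", "F3"):
            # Fx lines are system.ini/win.ini style values; F2 is the registry copy (Winlogon Shell).
            m = re.search(r"Shell=(.*)$", body)
            if m and m.group(1).strip().lower() not in EXPECTED_SHELL:
                findings.append(Finding(code, raw, "Shell value is empty or not explorer.exe"))
        elif code == "O4":
            # Run keys and Startup folders; "= ?" means HijackThis could not resolve the shortcut.
            if body.rstrip().endswith("= ?"):
                findings.append(Finding(code, raw, "startup shortcut with unresolved target"))
            elif any(h in body.lower() for h in SUSPICIOUS_PATH_HINTS):
                findings.append(Finding(code, raw, "autostart from a temp or profile data path"))
        elif code == "O23":
            # NT services; the vendor field comes from the binary's version info.
            if " - Unknown owner - " in body:
                findings.append(Finding(code, raw, "service binary has no vendor name; identify it manually"))
    return findings


# Constructed sample: shaped like the posted log, with one made-up Temp-path loader line.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\Explorer.EXE

F2 - REG:system.ini: Shell=
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [loader] C:\\Documents and Settings\\user\\Local Settings\\Temp\\svch0st.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O23 - Service: dlcc_device - Unknown owner - C:\\WINDOWS\\system32\\dlcccoms.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
```

A flag from this script is a prompt to look, not a verdict: the "Unknown owner" service in the posted log is a printer component, and an unresolved Startup shortcut is usually just a shortcut HijackThis could not follow. Paste a real log into `triage()` and review each finding against the file on disk.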

Post by Mr_JAk3 » October 7th, 2007, 9:50 am

Hello BlindChameleon and welcome to the Forums :)

Let's run one tool.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Post by BlindChameleon » October 7th, 2007, 1:43 pm

Here You Go:

ComboFix 07-10-07.2 - The Wright Family 2007-10-07 13:31:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.632 [GMT -4:00]
Running from: C:\Documents and Settings\The Wright Family\Local Settings\Temporary Internet Files\Content.IE5\WZNFCFIT\ComboFix[1].exe
.

((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-05 15:03 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-10-05 14:52 <DIR> d-------- C:\Documents and Settings\The Wright Family\.housecall6.6
2007-10-05 04:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-05 03:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-05 00:05 <DIR> d-------- C:\Program Files\PCBugDoctor
2007-10-04 17:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 04:51 <DIR> d-------- C:\Program Files\Yamicsoft
2007-10-04 00:08 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-10-03 23:58 <DIR> d-------- C:\VundoFix Backups
2007-10-03 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 23:50 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-10-03 23:50 487,936 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-10-03 23:50 <DIR> d-------- C:\Program Files\Webroot
2007-10-03 23:50 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-10-03 23:50 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Webroot
2007-10-03 23:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-03 23:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-03 23:47 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-03 23:47 1,502 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-02 18:32 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Yahoo!
2007-10-02 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-02 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-02 18:27 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-23 17:56 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Uniblue
2007-09-23 17:21 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2007-09-23 17:21 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-09-23 17:21 <DIR> d-------- C:\Program Files\TI Education
2007-09-23 17:21 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2007-09-21 11:32 <DIR> d-------- C:\Program Files\Prolific Publishing, Inc
2007-09-20 20:56 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-20 20:56 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-20 20:56 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-20 20:56 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-20 20:56 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-20 20:56 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-20 20:55 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-20 20:28 <DIR> d-------- C:\Downloads
2007-09-14 12:36 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 924
2007-09-09 12:02 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Google
2007-09-09 11:53 <DIR> d-------- C:\Program Files\Google
2007-09-09 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 16:29 --------- d-------- C:\Program Files\DIGStream
2007-10-04 04:55 --------- d-------- C:\Program Files\RGB
2007-10-04 00:07 --------- d-------- C:\Documents and Settings\The Wright Family\Application Data\LimeWire
2007-10-03 23:56 --------- d-------- C:\Program Files\Spyware Terminator
2007-10-03 23:56 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-10-03 23:52 --------- d-------- C:\Documents and Settings\The Wright Family\Application Data\Spyware Terminator
2007-10-02 13:33 --------- d-------- C:\Program Files\LimeWire
2007-09-23 17:18 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-14 13:32 --------- d-------- C:\Program Files\Dl_cats
2007-09-09 19:41 --------- d-------- C:\Program Files\Family Feud II
2007-09-08 21:47 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-08 08:28 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-09-07 22:15 138624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-30 19:25 --------- d-------- C:\Program Files\Game Elements
2007-08-23 13:46 --------- d-------- C:\Documents and Settings\The Wright Family\Application Data\Leadertech
2007-08-23 13:41 --------- d-------- C:\Program Files\Atari
2007-08-20 17:12 --------- d-------- C:\Program Files\EA Sports
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-26 11:57 47360 --a------ C:\Documents and Settings\The Wright Family\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_13.27.11.03 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 182,538 2007-10-07 17:24:16 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 182,538 2007-10-07 17:30:37 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
.
----a-w 182,538 2007-10-07 17:23:59 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 182,538 2007-10-07 17:24:16 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 10:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

C:\Documents and Settings\The Wright Family\Start Menu\Programs\Startup\
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2007-10-05 03:23:49]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kaspersky Anti-Hacker.lnk - C:\WINDOWS\Installer\{75D46594-4DE1-4A90-AE74-38637D301EF2}\StartUpShortcut.exe [2007-05-25 15:55:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

R0 Klpf;Klpf;C:\WINDOWS\system32\Drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\Drivers\klpid.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys
R3 sigfilt;sigfilt;C:\WINDOWS\system32\drivers\sigfilt.sys
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 13:32:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 13:32:55
C:\ComboFix-quarantined-files.txt ... 2007-10-07 13:32
.
--- E O F ---
BlindChameleon
Active Member
 
Posts: 3
Joined: October 5th, 2007, 5:01 am

Post by Mr_JAk3 » October 8th, 2007, 3:06 am

Hello :)

Ok we'll continue...

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open Notepad (NOT WordPad!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end (don't forget to copy and paste the words Windows Registry Editor Version 5.00):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000000
"AllowUnhashedWebView"=dword:00000000


Make sure there are NO blank lines before Windows Registry Editor Version 5.00
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg with file type: All Files.
Go to your desktop and double-click the file to run Fix.reg; when it asks whether you want to merge the contents into the registry, click Yes/OK.


Open "My Computer" and delete the following file (if present):
C:\WINDOWS\system32\Ultra.dll

Restart the computer.

Post a fresh HijackThis log and let me know whether the Control Panel works now.
:thumbright:
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland
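The fix above is a hand-typed .reg file whose layout rules (header on line 1, no blank line before it, one blank line at the end, DWORD syntax) the helper spells out because regedit silently refuses a malformed file. As an added example (not the helper's or the forum's own tooling), the script below reads the DWORDs ComboFix lists under a policies key in its "Reg Loading Points" section, renders the reset .reg in exactly that layout, and checks the layout before the file is merged. It assumes ComboFix's `"Name"=1 (0x1)` value format as seen in the posted log; the log excerpt inside it is constructed to mirror that section.

```python
"""Build and check a Fix.reg like the one the helper posted above.

Added example for this thread, not the helper's or the forum's own tooling.
It reads the DWORDs ComboFix lists under a policies key in its
"Reg Loading Points" section, renders a .reg that resets each of them to 0
in exactly the layout the helper insists on (header on line 1, nothing
before it, one blank line at the end), and checks that layout before the
file is merged. SAMPLE_COMBOFIX is constructed to mirror the posted log."""
import re

REG_HEADER = "Windows Registry Editor Version 5.00"
EXPLORER_POLICY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer"

# ComboFix prints a DWORD as:   "Name"=1 (0x1)
CF_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<dec>\d+) \(0x[0-9A-Fa-f]+\)$')
# regedit 5.00 syntax for the same value:   "Name"=dword:00000001
REG_DWORD_RE = re.compile(r'^"[^"]+"=dword:[0-9A-Fa-f]{8}$')


def combofix_policy_values(log_text, key):
    """Return {name: int} for the DWORDs ComboFix showed under [key]; the key match is case-insensitive."""
    values, in_key = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = CF_DWORD_RE.match(line) if in_key else None
        if m:
            values[m.group("name")] = int(m.group("dec"))
    return values


def build_reg(key, dwords):
    """Render a .reg setting each name to the given DWORD, CRLF-terminated as Notepad would save it."""
    lines = [REG_HEADER, "", f"[{key}]"]
    lines += [f'"{name}"=dword:{value:08x}' for name, value in dwords.items()]
    lines.append("")  # produces the required single blank line at the end
    return "\r\n".join(lines) + "\r\n"


def check_reg(text):
    """Return layout problems regedit (or the helper) would object to; an empty list means the file is fine."""
    problems = []
    lines = text.splitlines()
    if not lines or lines[0] != REG_HEADER:
        problems.append("line 1 must be exactly the 'Windows Registry Editor Version 5.00' header, with nothing before it")
    if not text.endswith(("\r\n\r\n", "\n\n")):
        problems.append("the file must end with one blank line")
    if not any(l.startswith("[") and l.endswith("]") for l in lines[1:]):
        problems.append("no [HKEY_...] key line")
    for l in lines[1:]:
        if l.startswith('"') and "=dword:" in l and not REG_DWORD_RE.match(l):
            problems.append(f"bad DWORD syntax (needs 8 hex digits): {l}")
    return problems


def fix_for(log_text, key=EXPLORER_POLICY):
    """Build the .reg that zeroes every non-zero DWORD ComboFix listed under key."""
    current = combofix_policy_values(log_text, key)
    return build_reg(key, {name: 0 for name, v in current.items() if v != 0})


# Constructed to mirror the "Reg Loading Points" block in the first ComboFix log above.
SAMPLE_COMBOFIX = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"InstallVisualStyle"=C:\\WINDOWS\\Resources\\Themes\\Royale\\Royale.msstyles

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

R0 Klpf;Klpf;C:\\WINDOWS\\system32\\Drivers\\Klpf.sys
"""

if __name__ == "__main__":
    reg = fix_for(SAMPLE_COMBOFIX)
    assert check_reg(reg) == [], check_reg(reg)
    with open("Fix.reg", "w", newline="") as fh:  # newline="" keeps the CRLFs exactly as rendered
        fh.write(reg)
    print(reg)
```

Run `check_reg()` on any hand-edited file before merging it: the two layout faults it catches most often, a leading blank line that displaces the header and a missing final blank line, are precisely the ones the helper warns about. Back the registry up with ERUNT first, as the post says, since a merged .reg has no undo of its own.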

Post by BlindChameleon » October 8th, 2007, 8:48 pm

Worked Like A Charm!!!! Awesome Tech Support!!!!!

Final Log:

ComboFix 07-10-09.2 - The Wright Family 2007-10-08 20:40:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.643 [GMT -4:00]
Running from: C:\Documents and Settings\The Wright Family\Local Settings\Temporary Internet Files\Content.IE5\ICKEJMPK\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-08 18:46 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-08 18:46 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-07 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-05 15:03 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-10-05 14:52 <DIR> d-------- C:\Documents and Settings\The Wright Family\.housecall6.6
2007-10-05 04:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-05 03:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-05 00:05 <DIR> d-------- C:\Program Files\PCBugDoctor
2007-10-04 17:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 04:51 <DIR> d-------- C:\Program Files\Yamicsoft
2007-10-03 23:58 <DIR> d-------- C:\VundoFix Backups
2007-10-03 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 23:50 <DIR> d-------- C:\Program Files\Webroot
2007-10-03 23:50 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-10-03 23:50 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Webroot
2007-10-03 23:50 487,936 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-10-03 23:50 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-10-03 23:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-03 23:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-03 23:47 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-03 23:47 1,502 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-02 18:32 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Yahoo!
2007-10-02 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-02 18:27 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-23 17:56 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Uniblue
2007-09-23 17:21 <DIR> d-------- C:\Program Files\TI Education
2007-09-23 17:21 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2007-09-23 17:21 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2007-09-23 17:21 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-09-20 20:56 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-20 20:56 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-20 20:56 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-20 20:56 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-20 20:56 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-20 20:56 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-20 20:55 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-20 20:28 <DIR> d-------- C:\Downloads
2007-09-14 12:36 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 924
2007-09-09 12:02 <DIR> d-------- C:\Documents and Settings\The Wright Family\Application Data\Google
2007-09-09 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 08:55 --------- d-----w C:\Program Files\RGB
2007-10-04 04:07 --------- d-----w C:\Documents and Settings\The Wright Family\Application Data\LimeWire
2007-10-04 03:56 --------- d-----w C:\Program Files\Spyware Terminator
2007-10-04 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-10-04 03:52 --------- d-----w C:\Documents and Settings\The Wright Family\Application Data\Spyware Terminator
2007-10-02 17:33 --------- d-----w C:\Program Files\LimeWire
2007-09-23 21:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-14 17:32 --------- d-----w C:\Program Files\Dl_cats
2007-09-09 23:41 --------- d-----w C:\Program Files\Family Feud II
2007-09-09 01:47 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-08 12:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-08 02:15 138,624 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-30 23:25 --------- d-----w C:\Program Files\Game Elements
2007-08-23 17:46 --------- d-----w C:\Documents and Settings\The Wright Family\Application Data\Leadertech
2007-08-23 17:41 --------- d-----w C:\Program Files\Atari
2007-08-20 21:12 --------- d-----w C:\Program Files\EA Sports
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-26 15:57 47,360 ----a-w C:\Documents and Settings\The Wright Family\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 10:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kaspersky Anti-Hacker.lnk - C:\WINDOWS\Installer\{75D46594-4DE1-4A90-AE74-38637D301EF2}\StartUpShortcut.exe [2007-05-25 15:55:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=0 (0x0)
"AllowUnhashedWebView"=0 (0x0)

R0 Klpf;Klpf;C:\WINDOWS\system32\Drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\Drivers\klpid.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys
R3 sigfilt;sigfilt;C:\WINDOWS\system32\drivers\sigfilt.sys
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 20:42:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 20:42:34
C:\ComboFix-quarantined-files.txt ... 2007-10-08 20:42
C:\ComboFix2.txt ... 2007-10-07 13:32
.
--- E O F ---
BlindChameleon
Active Member
 
Posts: 3
Joined: October 5th, 2007, 5:01 am

Post by Mr_JAk3 » October 9th, 2007, 2:21 pm

Hi :)

OK, good. The logs look clean, with one leftover.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
F2 - REG:system.ini: Shell=

Let's run one online scanner just to be sure that you're clean.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Post by random/random » October 21st, 2007, 11:01 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm