Many Problems. startup problems. malewarebytes not working.

Post by Alex99 » June 8th, 2009, 11:31 am

My biggest problem is that when I turn on my computer it sometimes fails to log in. I usually have to unplug the battery several times before it works. I believe this is the result of a virus, but I cannot delete it because my Malwarebytes Anti-Malware software won't open and neither will my Spybot Search & Destroy. The only anti-virus software I own that still works is AVG Free 8.5. AVG can detect some viruses but it cannot delete them. I have searched other forums for related problems but they didn't seem to help. This is my HijackThis logfile. Also, my Google search sometimes doesn't work and only opens a new tab that contains an advertisement.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:47 AM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\O2Micro\o2flash.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [pobagigoma] Rundll32.exe "C:\WINDOWS\system32\habemoya.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.united-pc.com/
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: mdiort.dll c:\windows\system32\rivonugo.dll,C:\WINDOWS\system32\jinuriwa.dll,C:\WINDOWS\system32\vuzejofu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7295 bytes
Alex99
Active Member
 
Posts: 4
Joined: June 8th, 2009, 11:16 am
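As an added example (not code from the thread, from HijackThis or from the forum's helpers), the following Python script runs a defender's triage rules over lines copied from the log above: autoruns under service-account hives or from .tmp files, rundll32-loaded DLLs, Trusted Zone additions, AppInit_DLLs entries and services whose image is missing. The consonant/vowel naming heuristic is an assumption drawn from the names in this log, not a signature from any tool.

```python
"""Flag the indicator types seen in this thread's HijackThis log.

Added example, not HijackThis's own code. The sample lines are copied from
the log above; the rules and the consonant/vowel naming heuristic are a
defender's reading of them, not a signature from any tool.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKUS\S-1-5-20\..\Run: [pobagigoma] Rundll32.exe "C:\WINDOWS\system32\habemoya.dll",s (User 'NETWORK SERVICE')
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O20 - AppInit_DLLs: mdiort.dll c:\windows\system32\rivonugo.dll,C:\WINDOWS\system32\jinuriwa.dll,C:\WINDOWS\system32\vuzejofu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
"""


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. "O4"
    severity: str  # "high" or "review"
    reason: str
    line: str


# Names built from alternating consonant/vowel pairs (habemoya, rivonugo,
# jinuriwa, vuzejofu) are the pattern visible in this thread's entries.
# Heuristic only: a legitimate name can match and a malicious one can miss.
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,}$")


def basename(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    stem = filename.lower().rsplit(".", 1)[0]
    return bool(CV_NAME.match(stem))


def triage_line(line: str) -> list[Finding]:
    m = re.match(r"^([A-Z]\d+)\s+-\s+(.*)$", line.strip())
    if not m:
        return []
    code, body = m.groups()
    out = []

    def hit(sev: str, why: str) -> Finding:
        return Finding(code, sev, why, line.strip())

    if code == "O4":
        # Autoruns worth a closer look: service-account hives (S-1-5-18/19/20),
        # images that are .tmp files, and rundll32 loading an odd-named DLL.
        if re.search(r"HKUS\\S-1-5-(?:18|19|20)\\", body):
            out.append(hit("high", "autorun under a service-account hive"))
        if re.search(r'\.tmp"?\s*$', body, re.I):
            out.append(hit("high", "autorun image is a .tmp file"))
        dll = re.search(r'rundll32\.exe\s+"?([^",]+\.dll)', body, re.I)
        if dll and looks_random(basename(dll.group(1))):
            out.append(hit("high", "rundll32 loads a randomly named DLL"))
    elif code == "O15":
        # Trusted Zone additions lower IE's security for those hosts; on a
        # home PC they are almost never something the user added on purpose.
        out.append(hit("review", "Trusted Zone addition"))
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        # Every DLL listed here is injected into every user32-linked process.
        for d in filter(None, re.split(r"[\s,]+", body.split(":", 1)[1])):
            sev = "high" if looks_random(basename(d)) else "review"
            out.append(hit(sev, f"AppInit_DLLs injects {basename(d)}"))
    elif code == "O23" and body.endswith("(file missing)"):
        out.append(hit("review", "service registered but image missing"))
    return out


def triage(log: str) -> list[Finding]:
    return [f for ln in log.splitlines() for f in triage_line(ln)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
```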

Re: Many Problems. startup problems. malewarebytes not working.

Post by Shaba » June 10th, 2009, 5:24 am

Hi Alex99

Please try to rename the Malwarebytes executable and let me know if it works now.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Many Problems. startup problems. malewarebytes not working.

Post by Alex99 » June 10th, 2009, 4:24 pm

I renamed it but it still won't open.
Alex99
Active Member
 
Posts: 4
Joined: June 8th, 2009, 11:16 am

Re: Many Problems. startup problems. malewarebytes not working.

Post by Shaba » June 11th, 2009, 12:01 am

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information into your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Many Problems. startup problems. malewarebytes not working.

Post by Alex99 » June 15th, 2009, 10:35 pm

At first GMER didn't work, then I renamed it and it worked. Here is the log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-15 22:29:08
Windows 5.1.2600 Service Pack 3
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db0a6716
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db0a6716
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main@sid 0
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1232] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1292] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1688] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1964] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [812] 0x008F0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1516] 0x00900000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [612] 0x00900000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1232] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1292] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1688] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [812] 0x009A0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1516] 0x009B0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [612] 0x009B0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1964] 0x009C0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1788] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x03180000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2928] 0x08D90000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3812] 0x08DA0000
Library \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3888] 0x08DA0000
Library \\?\globalroot\systemroot\system32\kungsforcfqfjt.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main@aid 10002

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\UACbgujfipmvblhfog.db 1110399 bytes
File C:\WINDOWS\system32\UACxxltxpsjkdlxrqu.dll 17408 bytes executable
File C:\WINDOWS\system32\UACmquqqyoxfxrkipq.dll 19456 bytes executable
File C:\WINDOWS\system32\UACosrqrdyubrxenqo.dll 19968 bytes executable
File C:\WINDOWS\system32\kungsffttstdkt.dll 20992 bytes executable
File C:\WINDOWS\system32\kungsforcfqfjt.dll 20992 bytes executable
File C:\WINDOWS\system32\UACvymouqjecwgjrww.dat 224 bytes
File C:\WINDOWS\system32\UACyxwswlmpklsyniu.dll 25088 bytes executable
File C:\WINDOWS\system32\UACqgrqulxsiefnngy.dll 30208 bytes executable
File C:\Documents and Settings\Owner\Local Settings\temp\UACa063.tmp 343040 bytes executable
File C:\WINDOWS\system32\kungsforbdyely.dat 349669 bytes
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\drivers\UACtuwupfvkipfaiqk.sys 53248 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\uacinit.dll 6117 bytes
File C:\WINDOWS\system32\UAChwxqbmaokjmqjvw.dll 66560 bytes
File C:\WINDOWS\temp\UACa60e.tmp 66560 bytes
File C:\WINDOWS\system32\drivers\kungsfrarjcgrp.sys 67072 bytes executable <-- ROOTKIT !!!

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 08D9F9F0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 08DAF9F0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 08DAF9F0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 08DA0A60 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 08DB0A60 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 08DB0A60 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 08DA08A0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 08DB08A0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 08DB08A0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!send 71AB4C27 5 Bytes JMP 08DA0780 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 08DB0780 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 08DB0780 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 08D9FDA0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 08DAFDA0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 08DAFDA0 \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main@cmddelay 7200

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 08C2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 08C3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 08C3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 08CD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 08CE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 08CE000A
.text C:\WINDOWS\system32\services.exe[940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006A000A
.text C:\Program Files\O2Micro\o2flash.exe[1196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006E000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\lsass.exe[952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0074000A
.text C:\Program Files\iPod\bin\iPodService.exe[2988] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[160] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0076000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\alg.exe[2184] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0077000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[444] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0078000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007B000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\ctfmon.exe[2752] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2648] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\WINDOWS\AGRSMMSG.exe[2240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A4000A
.text C:\Program Files\Secunia\PSI\psi.exe[3144] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\rundll32.exe[2352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AD000A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BF000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CC000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1360] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D4000A
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DA000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2208] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00E8000A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F6000A
.text C:\WINDOWS\RTHDCPL.EXE[2228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A5000A
.text C:\Documents and Settings\Owner\Desktop\gmer(2)\rename.exe[3536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08AD000A
.text C:\WINDOWS\system32\services.exe[940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006B000A
.text C:\Program Files\O2Micro\o2flash.exe[1196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006F000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0074000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\Program Files\iPod\bin\iPodService.exe[2988] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0076000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0076000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\lsass.exe[952] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0078000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[444] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\alg.exe[2184] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0079000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007C000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\ctfmon.exe[2752] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2948] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2696] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2648] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009D000A
.text C:\WINDOWS\AGRSMMSG.exe[2240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A5000A
.text C:\Program Files\Secunia\PSI\psi.exe[3144] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\rundll32.exe[2352] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AE000A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C0000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CD000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1360] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D5000A
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DB000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2208] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00E9000A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00F7000A
.text C:\WINDOWS\RTHDCPL.EXE[2228] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08B7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3812] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08B7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08B8000A
.text C:\Documents and Settings\Owner\Desktop\gmer(2)\rename.exe[3536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08BF000A

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A2719E2
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A2F751A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A2FA32A
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A2FA77A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\UACidperfilkivvspk.log 84315 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kungsfrarjcgrp.sys (*** hidden *** ) [SYSTEM] kungsfevwdmnlm <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACtuwupfvkipfaiqk.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACbgujfipmvblhfog.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACbgujfipmvblhfog.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACidperfilkivvspk.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACidperfilkivvspk.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmquqqyoxfxrkipq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmquqqyoxfxrkipq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACosrqrdyubrxenqo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACosrqrdyubrxenqo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqgrqulxsiefnngy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACvpcscpunvmkttru.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACvpcscpunvmkttru.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvymouqjecwgjrww.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvymouqjecwgjrww.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxxltxpsjkdlxrqu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxxltxpsjkdlxrqu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACylnqelwwbrvfnme.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACylnqelwwbrvfnme.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACyxwswlmpklsyniu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACyxwswlmpklsyniu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@imagepath \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@imagepath \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsfwsp.dll \systemroot\system32\kungsffttstdkt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfwsp.dll \systemroot\system32\kungsffttstdkt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsflog.dat \systemroot\system32\kungsforbdyely.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsflog.dat \systemroot\system32\kungsforbdyely.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsfcmd.dll \systemroot\system32\kungsforcfqfjt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfcmd.dll \systemroot\system32\kungsforcfqfjt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\modules@kungsf.dat \systemroot\system32\kungsfrphvcwak.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsf.dat \systemroot\system32\kungsfrphvcwak.dat

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000008b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system

---- System - GMER 1.0.15 ----

Code 8A2719DD IofCallDriver
Code 8A2F7515 IofCompleteRequest

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\kungsfevwdmnlm\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\injector@* SKYNETwsp.dll

Code 8A2FA776 ZwEnumerateKey
Code 8A2FA326 ZwFlushInstructionCache

---- EOF - GMER 1.0.15 ----
Alex99
Active Member
 
Posts: 4
Joined: June 8th, 2009, 11:16 am
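The GMER registry dump above is the part of this log that gives the infection away: two services (UACd.sys and kungsfevwdmnlm) whose "modules" values point at files under the \\?\globalroot\ device path or at randomly named DLLs in system32, plus an injector entry for SKYNETwsp.dll. The following is an added, defender-side example for this thread; it is not code from GMER, ComboFix, or any poster here. It parses GMER "Reg HKLM\SYSTEM\...\Services\..." lines into per-service records and flags the services that show that pattern. The sample lines are copied from the log in this thread, and the function names and the three heuristics are this example's own assumptions, not GMER's.

```python
r"""Flag hidden-service registrations in a GMER registry dump (added example).

Not part of GMER or ComboFix.  It groups the 'Reg HKLM\SYSTEM\...\Services\<svc>...'
lines GMER prints by service name and reports services that register companion
'modules' through the \\?\globalroot\ device path, attach a module list to a
kernel-driver image, or carry a wildcard 'injector' entry.  Heuristic names and
thresholds are assumptions made for this example.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the GMER log posted in this thread.
SAMPLE_GMER_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACbgujfipmvblhfog.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChwxqbmaokjmqjvw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtuwupfvkipfaiqk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@imagepath \systemroot\system32\drivers\kungsfrarjcgrp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\modules@kungsfwsp.dll \systemroot\system32\kungsffttstdkt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfevwdmnlm@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db0a6716
"""

# Service name, optional subkey path, value name after '@', then the data.
GMER_REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\"
    r"([^\\@\s]+)(?:\\([^@\s]*))?@(\S+)\s+(.*)$"
)

# Lower-case prefix of a module path that goes through the object-manager device namespace.
GLOBALROOT_PREFIX = "\\\\?\\globalroot\\"


def parse_gmer_services(log_text):
    r"""Group GMER registry lines by service name.

    Returns {service: {"imagepath": str|None, "modules": [(value, path)],
                       "injector": [(value, data)], "other": [(subkey, value, data)]}}.
    Lines without an '@value' (e.g. bare key names) are ignored, and the duplicate
    ControlSet002 / CurrentControlSet copies collapse onto one record.
    """
    services = defaultdict(
        lambda: {"imagepath": None, "modules": [], "injector": [], "other": []}
    )
    for raw in log_text.splitlines():
        m = GMER_REG_RE.match(raw.strip())
        if not m:
            continue
        svc, subkey, value, data = m.group(1), m.group(2) or "", m.group(3), m.group(4).strip()
        entry = services[svc]
        if subkey == "" and value.lower() == "imagepath":
            entry["imagepath"] = data
        elif subkey.lower() == "modules":
            if (value, data) not in entry["modules"]:
                entry["modules"].append((value, data))
        elif subkey.lower().endswith("injector"):
            if (value, data) not in entry["injector"]:
                entry["injector"].append((value, data))
        else:
            entry["other"].append((subkey, value, data))
    return dict(services)


def find_suspicious_services(log_text):
    """Return {service: {"imagepath": ..., "reasons": [...]}} for services that match a heuristic."""
    findings = {}
    for svc, entry in parse_gmer_services(log_text).items():
        reasons = []
        globalroot_mods = [p for _, p in entry["modules"] if p.lower().startswith(GLOBALROOT_PREFIX)]
        if globalroot_mods:
            reasons.append(f"{len(globalroot_mods)} module(s) registered via the \\\\?\\globalroot device path")
        if entry["modules"] and entry["imagepath"] and entry["imagepath"].lower().endswith(".sys"):
            reasons.append("driver service (.sys image) registers a 'modules' list of companion files")
        if any(value == "*" for value, _ in entry["injector"]):
            reasons.append("wildcard injector entry: " + ", ".join(d for _, d in entry["injector"]))
        if reasons:
            findings[svc] = {"imagepath": entry["imagepath"], "reasons": reasons}
    return findings


if __name__ == "__main__":
    for svc, info in find_suspicious_services(SAMPLE_GMER_LOG).items():
        print(f"{svc}: imagepath={info['imagepath']}")
        for reason in info["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the script reports UACd.sys (globalroot modules plus a driver with a module list) and kungsfevwdmnlm (driver with a module list plus the wildcard injector), and stays silent on the legitimate BTHPORT key. The point of grouping by service first is that each indicator is weak on its own; seeing a kernel driver, a set of randomly named user-mode files, and an injector all hanging off one service name is what makes the record worth quarantining, which is what ComboFix then does in the next post.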

Re: Many Problems. startup problems. malewarebytes not working.

Post by Shaba » June 16th, 2009, 12:08 am

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Many Problems. startup problems. malewarebytes not working.

Post by Alex99 » June 19th, 2009, 7:08 pm

Combofix seemed to fix a lot of my problems, thank you.


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-19 18:10:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db0a6716
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db0a6716

---- EOF - GMER 1.0.15 ----

Combofix log:

ComboFix 09-06-18.02 - Owner 06/19/2009 17:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1600 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\rename.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\drivers\kungsfrarjcgrp.sys
c:\windows\system32\drivers\UACtuwupfvkipfaiqk.sys
c:\windows\system32\UACbgujfipmvblhfog.db
c:\windows\system32\UAChwxqbmaokjmqjvw.dll
c:\windows\system32\UACidperfilkivvspk.log
c:\windows\system32\UACmquqqyoxfxrkipq.dll
c:\windows\system32\UACosrqrdyubrxenqo.dll
c:\windows\system32\UACqgrqulxsiefnngy.dll
c:\windows\system32\UACvpcscpunvmkttru.log
c:\windows\system32\UACvymouqjecwgjrww.dat
c:\windows\system32\UACxxltxpsjkdlxrqu.dll
c:\windows\system32\UACylnqelwwbrvfnme.log
c:\windows\system32\UACyxwswlmpklsyniu.dll
c:\windows\system32\config\systemprofile\Desktop\System Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security 2009 Support.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security 2009.lnk
c:\windows\system32\drivers\kungsfrarjcgrp.sys
c:\windows\system32\drivers\UACtuwupfvkipfaiqk.sys
c:\windows\system32\kungsffttstdkt.dll
c:\windows\system32\kungsforbdyely.dat
c:\windows\system32\kungsforcfqfjt.dll
c:\windows\system32\SKYNETlog.dat
c:\windows\system32\UACbgujfipmvblhfog.db
c:\windows\system32\UAChwxqbmaokjmqjvw.dll
c:\windows\system32\UACidperfilkivvspk.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmquqqyoxfxrkipq.dll
c:\windows\system32\UACosrqrdyubrxenqo.dll
c:\windows\system32\UACqgrqulxsiefnngy.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACvpcscpunvmkttru.log
c:\windows\system32\UACvymouqjecwgjrww.dat
c:\windows\system32\UACxxltxpsjkdlxrqu.dll
c:\windows\system32\UACylnqelwwbrvfnme.log
c:\windows\system32\UACyxwswlmpklsyniu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_kungsfevwdmnlm


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 07:39 . 2009-06-19 20:26 19968 ----a-w- c:\windows\system32\SKYNETrk.sys
2009-06-18 21:21 . 2009-06-19 20:26 20992 ----a-w- c:\windows\system32\SKYNETwsp.dll
2009-06-17 22:44 . 2009-06-11 19:55 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-17 22:44 . 2009-06-11 19:54 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-16 03:26 . 2009-06-16 03:26 29024 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-16 01:30 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 01:30 . 2009-06-16 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 01:30 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 19:24 . 2009-06-15 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\96517646
2009-06-15 19:24 . 2009-06-15 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\16507654
2009-06-11 19:55 . 2009-06-11 19:54 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-11 19:54 . 2009-06-11 19:54 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-09 21:25 . 2009-06-09 21:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2009-06-08 13:30 . 2009-06-08 13:30 -------- d-----w- c:\program files\Lavasoft
2009-06-07 23:20 . 2009-06-07 23:20 -------- d-----w- c:\program files\iPod
2009-06-07 23:20 . 2009-06-07 23:20 -------- d-----w- c:\program files\iTunes
2009-06-07 23:20 . 2009-06-07 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-07 23:19 . 2009-06-07 23:19 -------- d-----w- c:\program files\Bonjour
2009-06-07 22:44 . 2009-06-07 22:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-07 22:43 . 2009-06-07 22:43 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-07 22:40 . 2009-06-07 22:40 -------- d-----w- c:\program files\QuickTime
2009-06-07 21:43 . 2009-06-07 21:43 -------- d-----w- c:\program files\Secunia
2009-06-05 21:43 . 2009-06-05 21:43 69632 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 18:31 . 2009-03-18 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 22:43 . 2009-03-18 20:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 03:25 . 2007-12-12 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-06-16 03:25 . 2008-04-20 00:56 -------- d-----w- c:\program files\Safari
2009-06-15 23:21 . 2007-12-12 20:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-15 23:19 . 2007-12-12 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-11 19:55 . 2009-03-18 20:29 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 07:03 . 2007-12-12 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 21:25 . 2007-12-12 20:10 -------- d-----w- c:\program files\CleanUp!
2009-06-09 02:20 . 2007-12-16 21:43 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-06-07 23:20 . 2007-12-12 20:02 -------- d-----w- c:\program files\Common Files\Apple
2009-06-07 22:43 . 2007-12-12 19:45 -------- d-----w- c:\program files\Java
2009-06-03 00:42 . 2009-01-10 21:08 -------- d-----w- c:\program files\Oberon Media
2009-06-03 00:41 . 2009-01-10 21:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-26 03:15 . 2008-09-02 19:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-12 03:07 . 2009-05-12 03:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2009-05-12 02:02 . 2009-05-12 02:02 -------- d-----w- c:\program files\Unity
2009-05-11 06:15 . 2007-12-28 15:16 30240 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:32 . 2007-12-12 23:14 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 05:04 . 2008-07-18 22:53 -------- d-----w- c:\program files\Microsoft Games
2009-05-06 05:03 . 2007-12-13 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-04 16:10 . 2009-03-18 20:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 16:10 . 2009-03-18 20:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:46 . 2007-12-12 23:14 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2007-12-12 23:14 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2007-12-12 23:14 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-12-12 23:14 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w- c:\windows\system32\drivers\psi_mf.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 16:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [12/12/2007 2:12 PM 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12/12/2007 2:12 PM 35968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 4:29 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 4:29 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/17/2009 6:43 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 4:29 PM 298776]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 7:03 AM 7808]
S0 ndxragzm;ndxragzm;c:\windows\system32\drivers\sxjcbdjl.sys --> c:\windows\system32\drivers\sxjcbdjl.sys [?]
S1 usbportt;usbportt;c:\windows\system32\drivers\usbportt.sys --> c:\windows\system32\drivers\usbportt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-prnet - c:\windows\system32\prnet.tmp


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 17:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-583907252-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,61,bf,ca,c6,98,83,ef,56,08,db,97,a6,a4,f0,67,47,d1,60,a6,ea,d6,d8,
bf,1a,a9,de,79,c7,13,35,f7,9b,5c,36,49,2b,98,b9,f5,a4,ed,11,26,ec,3a,94,29,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro\o2flash.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-19 17:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 21:16
ComboFix2.txt 2009-03-18 16:30
ComboFix3.txt 2009-02-02 23:38

Pre-Run: 141,261,144,064 bytes free
Post-Run: 141,241,536,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

234 --- E O F --- 2009-06-10 07:03
Alex99
Active Member
 
Posts: 4
Joined: June 8th, 2009, 11:16 am

Re: Many Problems. startup problems. malewarebytes not working.

Post by Shaba » June 20th, 2009, 3:39 am

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
c:\windows\system32\SKYNETrk.sys
c:\windows\system32\SKYNETwsp.dll

DirLook::
c:\documents and settings\All Users\Application Data\96517646
c:\documents and settings\All Users\Application Data\16507654

DDS::
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot not preserved]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Many Problems. startup problems. malewarebytes not working.

Post by Shaba » June 25th, 2009, 5:28 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland