wireddj
Members
- Posts: 20
About wireddj
- Birthday 6/22/1977
Tech Info
- Experience: some_experience
- System: windows_vista_home
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Sorry about that, was just trying to get my system sorted out a.s.a.p, didn't realise that I was doing more harm than good. I will be relying on my friend to help me out but thank you for your assistance up until now. But I hope it would be ok to come back here if I have no joy?
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hey starbuck i actually ran the combofix scan again this afternoon as someone else was also trying to help me, hope that wont affect any help you are giving me. Here are the scans...
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
I hope you can help too. lol
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hey sorry to be a pain Starbuck but the second time I ran the OTL Scan was I supposed to paste in that command...? As I didn't. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Once again sorry people & your help is much appreciated.
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hi Starbuck, sorry about that, I didn't mean to come over as a prat. I do realise that all helpers are volunteers & that you have full time jobs & I do appreciate you taking time to help me so for that I'm sorry. I just want to get my comp back to normal so I can get on with my own stuff.... Anyway I've attached the logs as they seem quite long to me. OTL.Txt Extras.Txt
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hey can someone give me some help please?
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Thanks Randyl, yeah I managed to upload the log. lol. Thank you.
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hi again, I ran the 2 programs but there was only 1 report generated from the OTL scan. It was too long to post so have attached it with this post. OTL.Txt
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
1 more thing, could it be a rootkit problem?
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hey Starbuck, will be running those programs but probably won't be until tomorrow now or even the day after as I've woken up to a new problem this morn! I switched on the comp & there is some kind of virus scanning software virus. It won't even let me get into safe mode but have managed to get into safe mode with prompt & am now running malwarebytes. Am gonna run it on both my c drive & e drive but both are big (30+ gig each) so will take some time. Am also gonna run a virus scan on both afterwards & then super anti spyware after that so could be a few days so please keep this topic open. thanx. By the way could a virus jump from my c drive to my e drive?
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
hey I will do again in the morning in safe mode & will post the logs
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
oh no it's carried on again but in safe mode only, will post the logs when finished
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hi again Starbuck, I ran the 1st scan without any probs but when it came to the second I ran in both normal & safe mode & gave up as I think the program must have hung as it got stuck on a process that said Manual File - Getting folder structure...
Please help something wrong with Comp
wireddj replied to wireddj's topic in Tech Support & Discussions Forum
Hey will these programs take long to run? It's just that when I have run the comp in normal mode the hard drive space disappears, that's why I've been running it in safe mode.