Armanno

  1. Sorry for the late reply, had a lot going on recently. Anyways, now it's not completely unbootable, but it seems unusable. If I wait a really long time on startup, it actually loads explorer.exe and I can get access to my files, but the internet is now completely unusable, there's no sound etc. and I tried using a flash drive to transfer some of my logs/programs you gave me, but the computer won't recognize it, and I can't figure out how to access it. Also, I had an experience in the past where I had a flash drive in my computer when I had a virus, and it ended up getting infected, and then infected my dad's old computer when he put it in, so I was wondering if that is something I should worry about, and if there's any other way to get those files you sent me onto my computer without having to use the Rescue CD. (Or to save some files from my infected computer in case something happens). Also, I might get a hand from a family friend who's good with fixing computers to help out, so that might make this easier.
  2. Yeah, I'm on my dad's computer, 'cause even when my computer could get on the internet before, this website was blocked. So yeah, it's been a pain to email the links and logs back and forth, but now my comp is pretty much unusable.
  3. Uh, ok, now I just rebooted and it only shows the desktop background, no icons or taskbar, and task manager won't come up, and also I can't go into safe mode, every time I click it it restarts.
  4. Hey, thanks for the help. But, I'm trying to run combofix and I renamed it like you said, but when I open it and I say yes to the agreement, it says it's unsafe to continue, and that my combofix has been compromised, even after I tried redownloading it about 3 times. Also, every time I reboot, I have internet usage for about 5-10 minutes, and then it won't connect to any site again and I have to reboot, so once that gets fixed I can send the rootkit scan, which took a long time.
  5. Hey, so before I would keep getting these vundo trojans over and over, I would use malwarebytes anti-malware to scan and delete them but they kept coming back no matter how many times I updated and scanned. They seemed harmless at first, but then on startup I would get messages saying windows could not open files like "login uii" to protect my computer. Now, malwarebytes would not run and every time I tried to reinstall it it would not work. The virus even somehow blocked me from using this website (I'm on my dad's computer). Eventually it started stopping explorer.exe and I couldn't even get into safe mode. At one point it wouldn't even let me open task manager, which was the only way I was getting onto the internet at all. Eventually I could get on the internet, and used a bleepingcomputer.com guide to use rkill.exe and download a version of MBAM under a different name so it could run. I couldn't update because I couldn't connect to the mbam website, but I did a full scan and deleted around 34 objects, then restarted but there were still problems and I kept getting the popups and error messages. I also have suspicious processes running, mostly scvhosts that would take up a lot of memory and computer usage, so my computer would run really slow because they took up so much memory. Also, I doubt this is relevant, but before this I forwarded my router ports so I could play in xbox games with my friend when our networks were conflicting, and I just want to make sure this wasn't allowing the viruses to keep coming back. Thanks for any help, and sorry to type so much, I just want to include as much info as possible.
  6. Hey everyone, well first off my problem started when I would be on the internet, and registry mechanic would keep flashing repeatedly telling me my registry has changed, so I would also run MBAM. Every time I scanned it came up with about 7-8 objects, most of them being called Trojan.Vundo (or something like that) or security.disable (or something similar) so I would delete them and the problem would go away for about a day and I would have to do it again a few times. Next, I would get weird messages upon starting up like "could not run dll as an app" and it also posted some porn links onto my desktop. Also, MBAM wouldn't load and it wouldn't let me install it because of a code 2 error or something and I think it deleted the mbam files because when I would click the icon, it would search for the files, but find nothing. I tried booting into safe mode and running it, but every time I selected safe mode to run, it would just restart the computer, instead of allowing me to run in safe mode. Now, when I start up I get a message saying to protect my computer, windows explorer could not be run, so now I can't use my desktop or use any folders, and had to get to firefox by using task manager. Any help would be greatly appreciated.
  7. Awesome then, thanks for putting in so much time to help me out, my computer would have been like dead by now if it wasn't for you guys, haha. And, I'm definitely going to buy the full version, mostly because you were so helpful and willing to do it for free. Thanks!
  8. Nope everything seems to be running fine now, is there anything left to do?
  9. Ok, here's the HiJackThis log.
  10. Awesome, now I have my desktop back, can't thank you enough. Combokill worked and here's the report (sorry for the double post). Also, how do I get the HiJackThis log?
  11. Oh didn't know what you meant by tools, haha. But what a relief it is to see mbam run again. I'm going to reboot and run combokill next, here's the mbam log.
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2
6/21/2009 7:52:03 PM
mbam-log-2009-06-21 (19-52-03).txt
Scan type: Quick Scan
Objects scanned: 101422
Time elapsed: 7 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ce793ca-d16f-4e25-b347-50aac438750c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ce793ca-d16f-4e25-b347-50aac438750c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c9ce04-ed8e-488a-b76b-9eef26b4f65c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3c9ce04-ed8e-488a-b76b-9eef26b4f65c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TMB6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\owesrcanmx.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UACda04.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
  12. Ok, I wiped it but nothing changed. Oh and, for some reason I was able to open RootRepeal without changing the name to scvhost.exe.
  13. I ran the scan the first time, and didn't see the file you mentioned, so I re-ran it, and this time it came up with less files it detected, but this is the report.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/21 16:06
Program Version: Version 1.3.0.0
Windows Version: Windows XP Media Center Edition SP2
==================================================
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\drivers\fabbtoltv.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\str.sys
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Status: Could not get file information (Error 0xc0000008)
==EOF==
  14. C:\WINDOWS\system32\drivers\UACaibiqhbtiyxwbdu.sys
C:\WINDOWS\system32\UACdqjomloeqwupfqm.dll
C:\WINDOWS\system32\UACosjnbajxqlixtfk.dat
C:\WINDOWS\system32\UACukckwktbtqtuxji.dll
C:\WINDOWS\system32\UACrifpllviburuboe.dll
C:\WINDOWS\system32\UACngyxkhoscdppakt.dll
C:\WINDOWS\system32\UACmxrqhdtxybmrkqn.db
C:\WINDOWS\system32\UACtchngrrskymdtta.dll
C:\WINDOWS\system32\UACkypycjlunobckdq.dll
C:\WINDOWS\system32\UACutswwxymyeltecu.log
C:\WINDOWS\system32\UACjgmgvmmrkfoyoam.log
C:\WINDOWS\system32\UACrrucjnwillbmttpm.log
That's what it told me to write down, I hope I didn't make any typos.