Bullguard Antivirus Forum
Free Antivirus Forum - Learn about antivirus, firewalls and personal security
I'm having some major problems here
   

djchad
New Member


Date Joined Mar 2006
Total Posts : 14
 
   Posted 1-24-2008 8:18 (GMT +1)
Alright, I followed the instructions, and here's what happened:
 
AVG wouldn't let me save a report.
 
When I ran ROOTCHK.EXE, a whole swarm of warnings started going off in AVG Anti-Virus and Webroot Spy Sweeper with Antivirus.
 
ComboFix wouldn't run.
 
HijackThis did run.
 
I'm running Vista Ultimate SP1.
 
Here are the logs I did get.
 
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Thu 01/24/2008  0:51:17.86
NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07
Unsupported operating system
********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 00:51:20
Windows 6.0.6001 Service Pack 1, v.668
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027208e720]
"001a8a6e9147"=hex:12,30,99,c3,97,13,2d,18,25,a5,45,c2,fb,d7,7c,8c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027208e720]
"001a8a6e9147"=hex:12,30,99,c3,97,13,2d,18,25,a5,45,c2,fb,d7,7c,8c
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="C:\Windows\SoftwareDistribution\EventCache\{43EDB56F-3664-4A93-9D71-FDE8658E2338}.bin"
"FlushCacheFiles"=str(7):""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\\6\xfe\x00fdD]
"CacheSizeInMB"=dword:00000000
"CacheStatus"=dword:00000002
"USBVersion"=dword:00020000
"ReadSpeedKBs"=dword:0000022d
"WriteSpeedKBs"=dword:00000000
"PhysicalDeviceSizeMB"=dword:00025431
"RecommendedCacheSizeMB"=dword:00000000
"HasSlowRegions"=dword:00000000
"DoRetestDevice"=dword:00000000
"DeviceStatus"=dword:00000004
"LastTestedTime"=hex(b):eb,af,5c,c3,21,14,c8,01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\\6\xfe\x00fdD]
"CacheSizeInMB"=dword:00000000
"CacheStatus"=dword:00000002
"USBVersion"=dword:00020000
"ReadSpeedKBs"=dword:000002de
"WriteSpeedKBs"=dword:00000000
"PhysicalDeviceSizeMB"=dword:00025431
"RecommendedCacheSizeMB"=dword:00000000
"HasSlowRegions"=dword:00000000
"DoRetestDevice"=dword:00000000
"DeviceStatus"=dword:00000004
"LastTestedTime"=hex(b):4b,7d,04,67,21,14,c8,01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75AA0C19-1844-4945-8E79-74B7E226DEF7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75AA0C19-1844-4945-8E79-74B7E226DEF7}]
"Path"="\Microsoft\Windows Defender\MP Scheduled Scan"
"Triggers"=hex:15,00,00,00,00,00,00,00,01,00,00,00,38,bf,a0,01,00,b6,ed,48,fe,..
"DynamicInfo"=hex:03,00,00,00,79,33,09,94,49,5e,c8,01,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan]
"Id"="{75AA0C19-1844-4945-8E79-74B7E226DEF7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex]
"pkm:catalog:LastCatalogCrawlId"=dword:000000f0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\241]
"CrawlType"=dword:00000002
"InProgress"=dword:00000001
"DoneAddingCrawlSeeds"=dword:00000001
"LogName"="C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl241.gthr"
"CheckPoint"=hex:2d,01,00,00,00,00,00,00
"IsCatalogLevel"=dword:00000000
"LogStartAddId"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2]
"CrawlNumberInProgress"=dword:000000f1
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:59 AM, on 1/24/2008
Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.17052)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskeng.exe
C:\HJT\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{66A90FD1-A4E8-40C9-A89A-4F2913E73523}
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\Windows\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10858 bytes
 

djchad
New Member


Date Joined Mar 2006
Total Posts : 14
 
   Posted 1-24-2008 8:25 (GMT +1)
Here is the AVG Anti-Virus history log, as well.
 
 
 
<history>
<!--
 01c85e224ebf5480 
  --> <script>f(clean);</script>
- <rec time="2008/01/24 00:44:42" user="SYSTEM" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\USERS\CHAD MESKE\APPDATA\LOCAL\TEMP\RUSAOLEHE-PC.DLL</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:44:46" user="Chad Meske" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:45:14" user="Chad Meske" source="Virus">
  <value>@HL_ActionTaken</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="action">@HL_ActCleaned</attr>
  </rec>
- <rec time="2008/01/24 00:45:15" user="SYSTEM" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\USERS\CHAD MESKE\APPDATA\LOCAL\TEMP\RUSAOLEHE-PC.DLL</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:45:16" user="Chad Meske" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:45:16" user="Chad Meske" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:45:23" user="Chad Meske" source="Virus">
  <value>@HL_ActionTakenRestartRequired</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="action">@HL_ActCleaned</attr>
  </rec>
- <rec time="2008/01/24 00:46:12" user="Chad Meske" source="Virus">
  <value>@HL_ActionTaken</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="action">@HL_ActCleaned</attr>
  </rec>
- <rec time="2008/01/24 00:51:20" user="SYSTEM" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\USERS\CHAD MESKE\APPDATA\LOCAL\TEMP\RUSAOLEHE-PC.DLL</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:51:21" user="Chad Meske" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:51:23" user="Chad Meske" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\Users\CHADME~1\AppData\Local\Temp\rusaolehE-PC.dll</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
- <rec time="2008/01/24 00:52:15" user="SYSTEM" source="Virus">
  <value>@HL_ReportFindRS</value>
  <attr name="filename">C:\USERS\CHAD MESKE\APPDATA\LOCAL\TEMP\RUSAOLEHE-PC.DLL</attr>
  <attr name="finding">@EID_Id_trj</attr>
  <attr name="virusname">Generic9.AJZR</attr>
  </rec>
  </history>
 

djchad
New Member


Date Joined Mar 2006
Total Posts : 14
 
   Posted 1-27-2008 10:50 (GMT +1)
Nobody?
 

djchad
New Member


Date Joined Mar 2006
Total Posts : 14
 
   Posted 1-30-2008 11:16 (GMT +1)
Last call... I'm gonna nuke the hard drive tomorrow, otherwise.

Chad
 

djchad
New Member


Date Joined Mar 2006
Total Posts : 14
 
   Posted 1-30-2008 11:17 (GMT +1)
Last call... I'm gonna nuke the hard drive tomorrow, otherwise.

Chad
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14307
 
   Posted 2-1-2008 8:31 (GMT +1)
 
 
 
See if you get this version of ComboFix to run:

 