Major Virus Problem (system restore, folder options, regedit all disabled), HELP, I'm desperate
jonathang
Date Joined Aug 2009
Total Posts : 0
 
Posted 8-29-2009 5:24 (GMT +1)
This is the worst problem I've encountered with a virus. But it seems my computer has been severely hijacked. Any help would be appreciated. I'm running Windows XP Home, Service Pack 2. Here's a list of problems:

1) It hijacks IE and Firefox, sending the vast majority of links I click on or URLs I attempt to go to to a random third-party 'search.php' page on the subject.

2) It has disabled my folder options so that hidden files and file extensions are not visible.

3) When I try to do a System Restore, it tells me 'System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator'.

4) When I try to run regedit, it tells me 'Registry editing has been disabled by your administrator'.

5) I tried installing Spybot Search and Destroy. It started up normally the first time but once I began scanning, it was closed and the .exe file in the installed directory deleted. I re-installed and tried to run again and it just crashes on startup.

I am currently in the process of installing AVG in an effort to get a better handle on the problem.



Anyway, I've noticed that logs are requested of people that ask for help with these kinds of problems. I attempted to run that Random's System Information Tool (RSIT) exe file. However, it crashed in the middle of it. And when I try to relaunch it, I get the following error. 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.' I went to C:\rsit and here is what it produced before it was shut down, in log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-29 10:17:49
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (23%) free of 73 GB
Total RAM: 2047 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\iRadio task 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}]
C:\WINDOWS\system32\tajf83ikdmf.dll - C:\WINDOWS\system32\tajf83ikdmf.dll [2009-08-29 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7BA7B95F-9B92-4132-8012-E19B585CAF21} - Nutshell - C:\Program Files\nutshell\nutshell.dll [2002-02-14 86016]
{413EF496-7A5E-4b2c-919D-72B27745A0D5} - jg - C:\WINDOWS\Downloaded Program Files\CONFLICT.12\toolbar.dll [2004-04-10 405504]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2002-05-27 86016]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\windows\googletoolbar1.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-09-09 114688]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-09-19 35328]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"WinPatrol"=C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe [2006-06-28 230976]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-09-27 245760]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-15 148888]
"gamadelere"=C:\WINDOWS\system32\dewokike.dll [2009-05-29 49152]
"CPMc36150cc"=c:\windows\system32\zajifali.dll [2009-08-29 84992]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-29 2007832]
"AVGIDS"=C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe [2009-07-22 1600008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Reg_Watcher_Vista"=C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\InvisibleInstaller.exe [2009-07-22 24072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=nview.dll,nViewLoadHook []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2008-09-24 527360]
"Windows System Recover!"=C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.exe [2009-08-29 22532]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk -
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
TabUserW.lnk - C:\Program Files\Wacom\TabUserW.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="dexplore.dll C:\WINDOWS\system32\gatepaka.dll c:\windows\system32\zajifali.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-09-09 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zajifali.dll [2009-08-29 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll [2009-08-29 15000]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zajifali.dll [2009-08-29 84992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\gatepaka.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoLogoff"=01000000
"NoNetworkConnections"=01000000
"NoSMMyDocs"=01000000
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\LeapFTP\LeapFTP.exe"="C:\Program Files\LeapFTP\LeapFTP.exe:*:Enabled:File Transfer Protocol (FTP) Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"G:\warez\mpc2kxp6475\mplayerc.exe"="G:\warez\mpc2kxp6475\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\WM Recorder 10\WMR90.exe"="C:\Program Files\WM Recorder 10\WMR90.exe:*:Enabled:Windows Media (TM) Stream Recorder"
"C:\Program Files\3aLab\iRadio\iRadio.exe"="C:\Program Files\3aLab\iRadio\iRadio.exe:*:Enabled:iRadio"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Owner\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Owner\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\KeyHoleTV\KeyHoleTV.exe"="C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Enabled:KeyHole TV Main Application"
"C:\Program Files\barotv\barotv.exe"="C:\Program Files\barotv\barotv.exe:*:Enabled:IPTV"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - setup.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-08-29 10:17:50 ----D---- C:\Program Files\trend micro
2009-08-29 10:17:49 ----D---- C:\rsit
2009-08-29 10:01:47 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-08-29 10:01:24 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-29 09:57:10 ----D---- C:\WINDOWS\LastGood
2009-08-29 09:56:45 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-08-29 09:56:43 ----D---- C:\Program Files\AVG
2009-08-29 09:56:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-29 09:51:42 ----D---- C:\Documents and Settings\Owner\Application Data\AVG8
2009-08-29 09:22:15 ----D---- C:\autorun.inf
2009-08-29 08:52:40 ----D---- C:\Program Files\Spybot - Search & Destroy2
2009-08-29 01:16:14 ----A---- C:\WINDOWS\system32\EC2.tmp
2009-08-29 01:16:09 ----A---- C:\WINDOWS\system32\EC1.tmp
2009-08-29 01:16:07 ----A---- C:\p2hhr.bat
2009-08-29 01:15:28 ----A---- C:\Documents and Settings\Owner\Application Data\cb.exe
2009-08-29 01:15:01 ----A---- C:\WINDOWS\system32\tajf83ikdmf.dll
2009-08-29 01:15:00 ----A---- C:\ubtewc.exe
2009-08-29 01:15:00 ----A---- C:\ofxkrjx.exe
2009-08-29 01:15:00 ----A---- C:\hfik.exe
2009-08-29 00:21:44 ----D---- C:\Documents and Settings\All Users\Application Data\12878594
2009-08-06 14:46:12 ----A---- C:\WINDOWS\system32\WinUpdateMan.exe
2009-08-06 14:11:58 ----A---- C:\WINDOWS\system32\socklink.txt
2009-08-06 11:48:20 ----A---- C:\WINDOWS\system32\Msdirectx.exe

======List of files/folders modified in the last 1 months======

2009-08-29 10:17:50 ----D---- C:\Program Files
2009-08-29 10:08:45 ----D---- C:\WINDOWS\Prefetch
2009-08-29 10:06:05 ----D---- C:\WINDOWS\Temp
2009-08-29 10:03:22 ----D---- C:\WINDOWS\system32
2009-08-29 10:02:53 ----SHD---- C:\WINDOWS\Installer
2009-08-29 10:02:14 ----D---- C:\WINDOWS\system32\drivers
2009-08-29 09:58:05 ----HD---- C:\WINDOWS\inf
2009-08-29 09:57:10 ----D---- C:\WINDOWS
2009-08-29 09:56:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 09:56:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-29 09:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 09:25:10 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-08-29 09:24:58 ----A---- C:\Documents and Settings\Owner\Application Data\AtomicAlarmClock.ini
2009-08-29 09:22:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-29 09:21:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-29 09:14:14 ----D---- C:\Program Files\Mozilla Firefox
2009-08-29 08:46:36 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-29 01:20:34 ----D---- C:\WINDOWS\s?stem32
2009-08-29 01:20:34 ----D---- C:\WINDOWS\S?mantec
2009-08-29 01:20:34 ----D---- C:\WINDOWS\system32\?icrosoft.NET
2009-08-29 01:20:34 ----D---- C:\WINDOWS\system32\?icrosoft
2009-08-29 01:20:34 ----D---- C:\WINDOWS\system32\??pPatch
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\??stem32
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\??mbols
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\??curity
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?ystem32
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?ystem
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?ymbols
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?ymantec
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?ecurity
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?dobe
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\??crosoft.NET
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\?dobe
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\xircom
2009-08-29 01:20:33 ----D---- C:\WINDOWS\system32\wins
2009-08-29 01:20:32 ----D---- C:\WINDOWS\system32\T?sks
2009-08-29 01:20:32 ----D---- C:\WINDOWS\system32\s?mbols
2009-08-29 01:20:32 ----D---- C:\WINDOWS\system32\s?curity
2009-08-29 01:20:32 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-29 01:20:26 ----D---- C:\WINDOWS\system32\M?crosoft.NET
2009-08-29 01:20:25 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-29 01:20:25 ----D---- C:\WINDOWS\system32\F?nts
2009-08-29 01:20:25 ----D---- C:\WINDOWS\system32\FLEOK
2009-08-29 01:20:24 ----D---- C:\WINDOWS\system32\export
2009-08-29 01:20:16 ----D---- C:\WINDOWS\system32\dhcp
2009-08-29 01:20:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-08-29 01:20:11 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-29 01:20:11 ----D---- C:\WINDOWS\system32\3076
2009-08-29 01:20:11 ----D---- C:\WINDOWS\system32\2052
2009-08-29 01:20:11 ----D---- C:\WINDOWS\system32\1054
2009-08-29 01:20:11 ----D---- C:\WINDOWS\system32\1042
2009-08-29 01:20:11 ----D---- C:\WINDOWS\system32\1041
2009-08-29 01:20:10 ----D---- C:\WINDOWS\system32\1037
2009-08-29 01:20:10 ----D---- C:\WINDOWS\system32\1031
2009-08-29 01:20:10 ----D---- C:\WINDOWS\system32\1028
2009-08-29 01:20:10 ----D---- C:\WINDOWS\system32\1025
2009-08-29 01:19:35 ----HD---- C:\WINDOWS\PIF
2009-08-29 01:19:26 ----HD---- C:\WINDOWS\msdownld.tmp
2009-08-29 01:19:26 ----D---- C:\WINDOWS\mui
2009-08-29 01:19:26 ----D---- C:\WINDOWS\Minidump
2009-08-29 01:18:57 ----D---- C:\WINDOWS\Connection Wizard
2009-08-29 01:18:57 ----D---- C:\WINDOWS\Config
2009-08-29 01:18:57 ----D---- C:\WINDOWS\a?sembly
2009-08-29 01:17:50 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-29 01:15:10 ----D---- C:\WINDOWS\system32\config
2009-08-29 01:08:51 ----D---- C:\WINDOWS\CAVTemp
2009-08-29 01:02:51 ----SHD---- C:\System Volume Information
2009-08-29 00:21:33 ----ASH---- C:\WINDOWS\system32\dahovibo.exe
2009-08-29 00:21:31 ----ASH---- C:\WINDOWS\system32\diyahema.dll
2009-08-29 00:21:29 ----ASH---- C:\WINDOWS\system32\zajifali.dll
2009-08-29 00:21:09 ----D---- C:\WINDOWS\Internet Logs
2009-08-29 00:20:42 ----D---- C:\WINDOWS\??sks
2009-08-29 00:20:42 ----D---


-----------------

It looks like the infection occurred at 1:15-1:20am last night. Still don't know how to proceed though.

Thanks in advance for any help.

Post Edited (jonathang) : 29-08-2009 16:31:16 GMT
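The log above shows the symptoms in registry form: "DisableRegistryTools"=1 and "NoFolderOptions"=1 under the Policies keys, and three DLLs injected through AppInit_DLLs. As an added example that is not part of the original post, this Python script parses RSIT-style "Registry dump" output and flags those entries for triage; the excerpt it runs on is constructed from the log's format, and DisableTaskMgr/DisableSR are additional well-known policy names that do not appear in the post.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the format of RSIT's "Registry dump" section,
# modelled on the log in the post (a sample for this example, not the full log).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="dexplore.dll C:\WINDOWS\system32\gatepaka.dll c:\windows\system32\zajifali.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoFolderOptions"=1
"""

# Policy values malware sets to lock the user out of cleanup tools. The first
# two are in the post's log; the last two are extra known policy names (assumed
# useful checks, not taken from the post).
LOCKDOWN_POLICIES = {
    "disableregistrytools": "Registry Editor (regedit) blocked",
    "nofolderoptions": "Folder Options hidden, so hidden files/extensions stay hidden",
    "disabletaskmgr": "Task Manager blocked",
    "disablesr": "System Restore turned off by policy",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [KEY] block to its "name"=value entries (surrounding quotes stripped)."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            entries.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            name, value = value_match.groups()
            entries[current][name] = value.strip().strip('"')
    return entries


def find_lockdown_policies(entries: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, explanation) for each lockdown policy that is actually set."""
    hits = []
    for key, values in entries.items():
        if "\\policies\\" not in key.lower():
            continue
        for name, value in values.items():
            reason = LOCKDOWN_POLICIES.get(name.lower())
            # A blank or all-zero value means the policy exists but is not enforced.
            if reason and value.lstrip("0"):
                hits.append((key, name, reason))
    return hits


def find_appinit_dlls(entries: Dict[str, Dict[str, str]]) -> List[str]:
    """List DLLs loaded via AppInit_DLLs (space/comma separated); every entry merits review."""
    dlls: List[str] = []
    for key, values in entries.items():
        if not key.lower().endswith(r"\windows nt\currentversion\windows"):
            continue
        for name, value in values.items():
            if name.lower() == "appinit_dlls":
                dlls.extend(d for d in re.split(r"[ ,]+", value) if d)
    return dlls


if __name__ == "__main__":
    parsed = parse_registry_dump(SAMPLE_DUMP)
    for key, name, reason in find_lockdown_policies(parsed):
        print(f"LOCKDOWN  {name}: {reason}  [{key}]")
    for dll in find_appinit_dlls(parsed):
        print(f"APPINIT   {dll}")
```

Run it against the full log.txt instead of the sample to get the same report for the whole dump; each flagged policy value is the one to reset (to 0) once the DLLs that re-set it are gone.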
