-
Great, how are things running now?
-
Still can't run most of my anti-virus/spyware programs or HJT. Same access error.
Would I need to reinstall them, or doesn't that matter?
-
Drag exeHelper to the trash. Redownload it and try running it in Safemode.
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
To Enter Safemode
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
- Use the Up and Down arrow keys to scroll up to Safemode.
- Then press the Enter key on your keyboard.
Tutorial if you need it: How to boot into Safemode
Also run this program
Please download fixAssocations to your desktop.
Double-click on fixAssociations.com to perform the fix.
Please test to see if your executable programs now work - you may have to reboot first.
Try your programs now.
-
Here's the log from exeHelper:
exeHelper by Raktor - 09
Build 20090925
Run at 10:43:35 on 10/01/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Ran fixAssociations, still getting access errors. Not sure if this is important or not, but the PC speaker beeps too when the error box appears.
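The exeHelper log in this post reports resetting the .exe and .com file-type associations and the Winlogon userinit and shell values, which are the usual places a program-launch hijack lives. As an added example (not part of the thread, and not exeHelper's or fixAssociations' own code), here is a small Python audit that compares those registry values with their stock Windows defaults and reports anything that differs. The `EXPECTED` table, the `audit`/`read_live` helper names and the two sample value sets are my own construction; on a Windows machine `read_live()` fetches the real values through the standard-library `winreg` module, while the samples let it run anywhere.

```python
"""Audit the registry values that exeHelper/fixAssociations reset.

Added example, not from the thread: compares the .exe/.com associations and the
Winlogon Userinit/Shell values against their stock defaults. Runs offline on the
constructed samples below; read_live() is only usable on Windows.
"""
import platform
import re
from typing import Dict, List, Optional, Tuple

RegKey = Tuple[str, str, str]  # (hive, subkey, value name); "" means the (Default) value

# Stock defaults (assumed from the standard Windows layout, not taken from the thread).
EXPECTED: Dict[RegKey, str] = {
    ("HKCR", r".exe", ""): "exefile",
    ("HKCR", r".com", ""): "comfile",
    ("HKCR", r"exefile\shell\open\command", ""): '"%1" %*',
    ("HKCR", r"comfile\shell\open\command", ""): '"%1" %*',
    ("HKLM", r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"): "explorer.exe",
}
USERINIT: RegKey = ("HKLM", r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit")
# Userinit must be exactly <drive>:\<windir>\system32\userinit.exe with an optional
# trailing comma; any additional comma-separated program is reported as a finding.
USERINIT_RE = re.compile(r"^[a-z]:\\[^,]*\\system32\\userinit\.exe,?$")


def _norm(value: str) -> str:
    """Case-insensitive, whitespace-collapsed form used for comparisons."""
    return " ".join(str(value).split()).lower()


def _label(key: RegKey) -> str:
    hive, sub, name = key
    return f"{hive}\\{sub} [{name or '(Default)'}]"


def audit(values: Dict[RegKey, Optional[str]]) -> List[str]:
    """Return one human-readable finding per value that deviates from its default."""
    findings: List[str] = []
    for key, expected in EXPECTED.items():
        actual = values.get(key)
        if actual is None:
            findings.append(f"{_label(key)}: missing")
        elif _norm(actual) != _norm(expected):
            findings.append(f"{_label(key)}: got {actual!r}, expected {expected!r}")
    userinit = values.get(USERINIT)
    if userinit is None or not USERINIT_RE.match(_norm(userinit)):
        findings.append(f"{_label(USERINIT)}: got {userinit!r}, expected only userinit.exe")
    return findings


def read_live() -> Dict[RegKey, Optional[str]]:
    """Read the audited values from the real registry (Windows only)."""
    if platform.system() != "Windows":
        raise RuntimeError("read_live() needs Windows; call audit() on a value dict elsewhere")
    import winreg  # standard library, available only on Windows
    hives = {"HKCR": winreg.HKEY_CLASSES_ROOT, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    out: Dict[RegKey, Optional[str]] = {}
    for key in list(EXPECTED) + [USERINIT]:
        hive, sub, name = key
        try:
            with winreg.OpenKey(hives[hive], sub) as handle:
                out[key] = str(winreg.QueryValueEx(handle, name)[0])
        except OSError:  # key or value absent
            out[key] = None
    return out


# Constructed samples; neither is taken from the logs in the thread.
CLEAN_SAMPLE: Dict[RegKey, Optional[str]] = dict(EXPECTED)
CLEAN_SAMPLE[USERINIT] = r"C:\WINDOWS\system32\userinit.exe,"

HIJACKED_SAMPLE: Dict[RegKey, Optional[str]] = dict(CLEAN_SAMPLE)
HIJACKED_SAMPLE[("HKCR", r"exefile\shell\open\command", "")] = r'"C:\CONSTRUCTED\wrapper.exe" "%1" %*'
HIJACKED_SAMPLE[USERINIT] = r"C:\WINDOWS\system32\userinit.exe,C:\CONSTRUCTED\extra.exe"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("hijacked", HIJACKED_SAMPLE)):
        print(f"{name}: {audit(sample) or ['OK']}")
```

On the hijacked sample the audit reports two findings: the `exefile` open command no longer equals `"%1" %*`, and Userinit carries a second program after the comma. Comparing against fixed defaults rather than a blocklist is deliberate: it catches any wrapper, whatever it is called, and a clean result after running a fix tool confirms the reset actually took.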
-
-
Running into a problem.
GMER starts up and starts scanning fine, but after about a minute it shuts the computer down with no warning.
-
Disregard that last post. By the looks of it, the shutdowns were caused by a dusty CPU fan.
Here's the GMER scan:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-01 16:29:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\FUZZ~1.FUZ\LOCALS~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT spmi.sys ZwCreateKey [0xB9EAB0E0]
SSDT spmi.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT spmi.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT spmi.sys ZwOpenKey [0xB9EAB0C0]
SSDT spmi.sys ZwQueryKey [0xB9EC9108]
SSDT spmi.sys ZwQueryValueKey [0xB9EC8F88]
SSDT spmi.sys ZwSetValueKey [0xB9EC919A]
INT 0x83 ? 8AB14BF8
INT 0x83 ? 8A8A5E58
INT 0x83 ? 8AB14BF8
INT 0x84 ? 8A8A5E58
INT 0x94 ? 8A8A5E58
INT 0x94 ? 8A8A5E58
INT 0x94 ? 8A8A5E58
INT 0x94 ? 8A8A5E58
INT 0xA4 ? 8A8A5E58
INT 0xB4 ? 8AA9EBF8
INT 0xB4 ? 8AA9EBF8
INT 0xB4 ? 8AA9EBF8
INT 0xB4 ? 8AA9EBF8
INT 0xB4 ? 8AA9EBF8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AB101F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FCFCC6C8-5AC2-4F97-B755-E48AAF0D59F7} 89E641F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 8A8651F8
Device \Driver\usbuhci \Device\USBPDO-1 8A8651F8
Device \Driver\usbuhci \Device\USBPDO-2 8A8651F8
Device \Driver\usbehci \Device\USBPDO-3 8A8161F8
Device \Driver\usbuhci \Device\USBPDO-4 8A8651F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 8A8651F8
Device \Driver\prodrv06 \Device\ProDrv06 E227FC30
Device \Driver\usbuhci \Device\USBPDO-6 8A8651F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB121F8
Device \Driver\usbehci \Device\USBPDO-7 8A8161F8
Device \Driver\Cdrom \Device\CdRom0 8A8041F8
Device \Driver\Cdrom \Device\CdRom1 8A8041F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A8041F8
Device \Driver\Cdrom \Device\CdRom3 8A8041F8
Device \Driver\prohlp02 \Device\ProHlp02 E1015058
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E641F8
Device \Driver\NetBT \Device\NetbiosSmb 89E641F8
Device \Driver\PCI_PNP4214 \Device\0000005c spmi.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A8651F8
Device \Driver\sptd \Device\744544214 spmi.sys
Device \Driver\usbuhci \Device\USBFDO-1 8A8651F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89E5E1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A8651F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89E5E1F8
Device \Driver\usbehci \Device\USBFDO-3 8A8161F8
Device \Driver\usbuhci \Device\USBFDO-4 8A8651F8
Device \Driver\Ftdisk \Device\FtControl 8AB121F8
Device \Driver\usbuhci \Device\USBFDO-5 8A8651F8
Device \Driver\usbuhci \Device\USBFDO-6 8A8651F8
Device \Driver\usbehci \Device\USBFDO-7 8A8161F8
Device \Driver\aq10cigz \Device\Scsi\aq10cigz1Port6Path0Target0Lun0 8A7B51F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8AB111F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1 8AB111F8
Device \Driver\JRAID \Device\Scsi\JRAID1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aq10cigz \Device\Scsi\aq10cigz1 8A7B51F8
Device \FileSystem\Cdfs \Cdfs 8A506500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x70 0x09 0xAE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE6 0x11 0x69 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA6 0x21 0xBB 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x70 0x09 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE6 0x11 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x8D 0xCB 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x70 0x09 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE6 0x11 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEC 0x9F 0x41 0x9E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x70 0x09 0xAE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE6 0x11 0x69 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAD 0x11 0x3C 0x2E ...
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset005\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x70 0x09 0xAE ...
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE6 0x11 0x69 ...
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEC 0x9F 0x41 0x9E ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Fuzz.FUZZBOX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpz9dexl.default\Cache\120199A5d01 32118 bytes
File C:\Documents and Settings\Fuzz.FUZZBOX\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpz9dexl.default\Cache\29212E1Cd01 0 bytes
---- EOF - GMER 1.0.15 ----
-
Hi,
I was checking to see if any of that rootkit came back, but it did not.
Go ahead and uninstall Spybot via Add/Remove Programs, and here is the latest version:
http://www.safer-networking.org/en/home/index.html
-
Spybot reinstalled and works fine.
So now it's just a case of reinstalling all my protection software?
-
Let's just check a setting.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt