1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

control panel missing...please help!!

Discussion in 'Virus & Other Malware Removal' started by chikongs, Dec 6, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    hi,

    the control panel is missing from my start menu.

    even when i right click go properties..it says

    Restrictions

    This operation has been cancelled due to restrictions in effect on this computer. please contact your system administrator.

    (this message appear twice)

    it's windows xp..and home pc..so d administrator is me rite?

    n is there any way to solve this problem without formatting the pc?

    Please help me!!! Thank you

    Computer illiterate.
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
  3. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download TrendMicro Hijackthis from Here to your Desktop.
    • Double-Click on HJTInstall.exe
    • Follow the prompts and allow it to create TrendMicro folder in Program Files.
    • Check Create Desktop Icon.
    • On your Desktop, Double-Click on Hijackthis.exe.
    • Click on Do A System Scan and Save a Log File.
    • In your next reply, copy and paste the Hijackthis log.
     
  4. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    thankz for your help..i've done what you asked me to do...so what's next?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:57:15 AM, on 12/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\DUNGDUNG\INSTALLER\ARES\Ares.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\Rainlendar\Rainlendar.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    c:\program files\winamp toolbar\WinampTbServer.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\hijack\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: browser optimizer by rightonadz - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsgB.dll
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ares] "D:\DUNGDUNG\INSTALLER\ARES\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Rainlendar.lnk = D:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A56BB3B-05ED-4DB3-91ED-1E792A78ACDE}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2A56BB3B-05ED-4DB3-91ED-1E792A78ACDE}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2A56BB3B-05ED-4DB3-91ED-1E792A78ACDE}: NameServer = 202.188.0.133,202.188.1.5
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - D:\DUNGDUNG\ARES\chatServer.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

    --
    End of file - 8140 bytes
     
  5. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download SmitfraudFix
    to your Desktop.


    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.


    ======================================

    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------
    Please go to Start---> Run---> In the space provided, type "%userprofile%\Desktop\ComboFix.exe" /killall
    & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall



    In your next reply, please include a fresh HIjackthis log and ComboFix log. Thanks
     
  6. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    ohh....my control panel is back

    but when i tried to Start...Run.."%userprofile%\Desktop|ComboFix.exe"/killall

    got error message

    RUNDLL
    An exception occured while trying to run ""C:\WINDOWS\system32\gzmrt.dll"DllStart"

    but i manage to run it when i type Start...Run.."%userprofile%\Desktop|ComboFix.exe"

    got virus but my control panel is back...:)

    Anyways..im not sure if this is the ComboFix.txt file you wanted but here goes:- the combofix txt and the new Hijackthis log file

    ComboFix 07-12-08.1 - User 2007-12-08 23:18:59.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.79 [GMT 8:00]
    Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:29, on 2007-12-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    D:\DUNGDUNG\INSTALLER\ARES\Ares.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    c:\program files\winamp toolbar\WinampTbServer.exe
    D:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\hijack\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ares] "D:\DUNGDUNG\INSTALLER\ARES\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Rainlendar.lnk = D:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A56BB3B-05ED-4DB3-91ED-1E792A78ACDE}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2A56BB3B-05ED-4DB3-91ED-1E792A78ACDE}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2A56BB3B-05ED-4DB3-91ED-1E792A78ACDE}: NameServer = 202.188.0.133,202.188.1.5
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - D:\DUNGDUNG\ARES\chatServer.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

    --
    End of file - 7050 bytes

    Is that it?
     
  7. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please reboot your machine and Double-Click on ComboFix.exe. You must of closed it before it had completed
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"


    Let me know if you have anymore problems. Thanks.
     
  8. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    im not so sure what problem my pc have but everytime i start or restart my pc this message would appear..

    RUNDLL
    An exception occured while trying to run ""C:\WINDOWS|system32\gzmrt.dll"DllStart"


    i did what u asked me to do..
    i reboot my pc and run ComboFix.exe
    however i didn't wait for 04-HKLM\..\Run:[combofix]"C:\WINDOWS\system32\cmd.exe"/C"cd/d C:\ComboFix\& Combobatch.bat"

    After i run the ComboFix, it did autoscan..n show message complete stage 1,complete stage 2..and so on until stage 23 then i stop the program because im not sure where am i suppose to stop..
    am i suppose to really wait for the stages to be completed first?
     
  9. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Okay, you need to let it run completely. It will go to stage 35 or more and then it will reboot your computer. After reboot ComboFix will finish up and a log will popup. ComboFix will till you exactly what its doiing, you have to be patient and let it run. ComboFix shouldn't take any longer than 30 minutes to run.
     
  10. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    Sorry for the delay

    i've reboot teh pc n restart but i still hav the RUNDLL message.

    am i suppose to post the report of ComboFix?
     
  11. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    yes. Thanks
     
  12. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    ComboFix 07-12-08.1 - User 2007-12-13 0:19:02.3 - NTFSx86
    Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
    .

    2007-12-08 23:45 . 2007-12-08 23:58 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-08 23:45 . 2007-12-08 23:58 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-08 23:44 . 2007-12-08 23:44 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-12-08 23:44 . 2007-12-13 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-08 23:44 . 2007-12-13 00:28 1,820,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-08 23:44 . 2007-12-13 00:15 24,788 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-08 23:44 . 2007-12-13 00:27 17,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-08 23:44 . 2007-12-13 00:15 2,540 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-08 23:01 . 2007-12-08 23:01 1,596,372 --a------ C:\ComboFix.exe
    2007-12-08 22:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-08 22:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-08 22:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-08 22:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-08 22:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-08 22:46 . 2007-12-08 22:48 3,006 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-05 23:39 . 2007-12-05 23:39 59,223 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-04 01:12 . 2007-12-04 01:12 282,624 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
    2007-11-29 22:42 . 2007-11-29 22:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-29 22:42 . 2007-11-29 22:42 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-28 22:52 . 2007-11-28 22:52 64,000 --a------ C:\WINDOWS\system32\gzmrt.dll
    2007-11-12 12:14 . 2007-11-12 12:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-11-12 12:13 . 2007-11-29 21:32 <DIR> d-------- C:\Documents and Settings\User\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-09 15:48 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
    2007-12-08 15:40 --------- d-----w C:\Documents and Settings\User\Application Data\AVG7
    2007-12-08 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-01 12:00 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-11-29 03:08 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-10-22 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-10-22 07:08 --------- d-----w C:\Program Files\Winamp
    2007-10-22 07:07 --------- d-----w C:\Program Files\Winamp Toolbar
    2007-10-22 07:07 --------- d-----w C:\Program Files\Winamp Remote
    2007-10-22 07:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2007-10-15 06:27 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
    2007-10-15 06:25 --------- d-----w C:\Program Files\Common Files\SWF Studio
    2007-10-02 07:06 33,511 ----a-w C:\WINDOWS\system32\ninjaext-uninstall.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-05 04:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-05 04:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
    "ares"="D:\DUNGDUNG\INSTALLER\ARES\Ares.exe" [2007-05-15 06:37]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-07 13:11]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-08 08:18]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-01-03 00:52]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "Device Detector"="DevDetect.exe" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
    "EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [2004-01-14 02:00]
    "postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-04 08:56]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{080fe213-fd50-11db-b060-0019db69f340}]
    \Shell\Auto\command - MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PET32.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82658cd9-1d26-11d7-9b55-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8382e425-740d-11dc-b13b-0019db69f340}]
    \Shell\Auto\command - H:\RavMonE.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a64e9979-90d5-11dc-b18f-0019db69f340}]
    \Shell\AutoRun\command - H:\
    \Shell\explore\Command - H:\RECYCLER\INFO.exe
    \Shell\open\Command - H:\RECYCLER\INFO.exe

    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-13 00:28:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-13 0:30:25
    .
    --- E O F ---


    is that it?
     
  13. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    is your H:/ drive a flash drive??? Because its infected. Please let me know.
     
  14. chikongs

    chikongs Thread Starter

    Joined:
    Dec 4, 2007
    Messages:
    8
    i think it is a flash drive.
    bcos when i go to my computer there's no H:/
    n i didn't insert any usb flash drive.
     
  15. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Best thing to do is stick whatever ones you have. The site will be down most of today, so if you can't get on that why. Once you post back, we can go ahead with disinfecting the flash drives.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/659857

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice