Resolved HJT Threads Resolved spyware and popup issues.

 
 
04-11-2008, 08:02 AM #1
Registered User
 
Join Date: Apr 2008
Posts: 23
OS: xp sp2


Mistake PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Hi.

Newbie here. My system is badly hit. I couldn't load any anti-v program or anti-spyware. I couldn't install Deckard System Scanner. The Panda ActiveScan that you told everyone to do before posting remained at 0%, thus I couldn't complete the pre-consultation task. What should I do now?
cableguy is offline  
04-28-2008, 08:33 AM #2
Registered User
 
Join Date: Apr 2008
Posts: 23
OS: xp sp2


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Any analyst care to take up my case?
cableguy is offline  
05-16-2008, 08:09 AM #3
Registered User
 
Join Date: Apr 2008
Posts: 23
OS: xp sp2


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

It's been a month already... sigh
cableguy is offline  
05-16-2008, 11:55 AM #4
Moderator, Analyst, Security Team
 
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,484
OS: XP Home SP3, XP Media Center Edition SP3


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Hello and welcome to TSF.

Sorry that your log has been overlooked. It's impossible for us to do anything without the required logs. Do you have any access to the internet?
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

amateur is offline  
05-17-2008, 09:52 PM #5
Registered User
 
Join Date: Apr 2008
Posts: 23
OS: xp sp2


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Finally. Thank you so much for responding.
I removed the hard disk and plugged it into another system.
The booting system has only a C drive. The E, F and G drives belong to the badly hit hard disk. I guess now the booting system has also somehow got infected.


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-17 19:09:30
PROTECTIONS: 0
MALWARE: 77
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00018331 adware/gator Adware No 0 Yes No hkey_classes_root\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
00018331 adware/gator Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
00029426 adware/sbsoft Adware No 0 Yes No c:\windows\rdt.ini
00029426 adware/sbsoft Adware No 0 Yes No hkey_local_machine\software\searchtoolbar
00034463 adware/wupd Adware No 0 Yes No c:\windows\system32\ide21201.vxd
00036016 adware/topmoxie Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
00047746 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460776.exe
00047746 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460777.exe
00047746 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460775.exe
00098066 adware/secure32 Adware No 1 Yes No c:\windows\system32\oleext.dll
00120519 Adware/TopRebates Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460773.exe[EbatesMoeMoneyMaker1.exe]
00120519 Adware/TopRebates Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460774.exe[EbatesMoeMoneyMaker1.exe]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Administrator.PPC1\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Desktop\SDFix\SDFix\apps\Process.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.tribalfusion.com/]
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@www.toprebates[2].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\penerangan@offeroptimizer[2].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.MUHAMMADIYAH\Cookies\administrator@offeroptimizer[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\pendep0@offeroptimizer[2].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@offeroptimizer[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\penerangan\Cookies\penerangan@offeroptimizer[3].txt
00145749 Cookie/Dashbar TrackingCookie No 0 Yes No C:\Documents and Settings\penerangan\Cookies\penerangan@results.dashbar[1].txt
00161843 Cookie/Transponder TrackingCookie No 0 Yes No C:\Documents and Settings\penerangan\Cookies\penerangan@pyn.pynix[2].txt
00161843 Cookie/Transponder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@pyn.pynix[1].txt
00161887 Adware/TopRebates Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460774.exe[EbatesMoeMoneyMaker0.exe]
00161887 Adware/TopRebates Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460773.exe[EbatesMoeMoneyMaker0.exe]
00161888 Adware/TopRebates Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460773.exe[disp350.exe]
00161888 Adware/TopRebates Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460774.exe[disp350.exe]
00161898 Cookie/BetterInet TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@a[3].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\adib\Cookies\adib@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\adib\Cookies\adib@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\pendep0@xiti[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@hotlog[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@bs.serving-sys[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\pendep0@888[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.adtech.de/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Cookies\administrator@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\pendep0@adultfriendfinder[2].txt
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\pendep0@btg.btgrab[2].txt
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\penerangan@btg.btgrab[1].txt
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\penerangan\Cookies\penerangan@btg.btgrab[2].txt
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.MUHAMMADIYAH\Cookies\administrator@btg.btgrab[2].txt
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@btg.btgrab[2].txt
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\pendep0@winfixer[2].txt
00220166 trj/spamer.c Virus/Trojan No 0 Yes No c:\windows\system32\wwwloader.exe.bak
00247910 w32/locksky.au.worm Virus/Worm No 0 Yes No c:\windows\system32\hard.lck
00258441 Adware/TopRebates Adware No 0 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP460\A0461888.exe
00258441 Adware/TopRebates Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe.vir
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.PPC1\Application Data\Mozilla\Firefox\Profiles\9cu4f5bs.default\cookies.txt[.atwola.com/]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Administrator.PPC1\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No E:\Documents and Settings\Adib\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460715.EXE
02656918 Adware/VirusRanger Adware No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Administrator.PPC1\My Documents\vrg_setup.exe.vir[VirusRanger.exe]
02656918 Adware/VirusRanger Adware No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP441\A0457571.exe[VirusRanger.exe]
02839079 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460774.exe[popo350a_non.htm]
02839079 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460773.exe[popo350a_non.htm]
02870155 Application/VirusRanger HackTools No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Administrator.PPC1\My Documents\vrg_setup.exe.vir[asc4.dll]
02870155 Application/VirusRanger HackTools No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP441\A0457571.exe[asc4.dll]
02870162 Application/VirusRanger HackTools No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Administrator.PPC1\My Documents\vrg_setup.exe.vir[bpw.dll]
02870162 Application/VirusRanger HackTools No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP441\A0457571.exe[bpw.dll]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460706.sys
02895340 Adware/PurityScan Adware No 0 Yes No E:\WINDOWS\system32\univrs32.dat
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0003.chk\A0009524.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\file0001.chk
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP8\A0005140.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0002.chk\A0005135.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009522.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0003.chk\A0009506.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0006083.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0003.chk\A0009486.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009504.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009484.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005133.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP12\A0009677.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005118.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0002.chk\A0005120.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005089.com
02896018 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005103.com
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005090.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005104.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005117.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP8\A0005139.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005102.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0006082.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005119.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005088.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009483.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009503.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005134.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0003.chk\A0009507.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009521.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP8\A0005141.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009523.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0003.chk\A0009487.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0002.chk\A0005092.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0006084.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0002.chk\A0005136.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009485.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005132.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No F:\found.001\dir0002.chk\A0005121.inf
02896019 W32/Lineage.HHE.worm Virus/Worm No 1 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009505.inf
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No E:\WINDOWS\system32\dllcache\beep.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No E:\WINDOWS\system32\drivers\beep.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP4\A0003982.sys
02906359 Adware/WinReanimator Adware No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460634.exe
02906359 Adware/WinReanimator Adware No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460633.exe
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009575.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP18\A0011801.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009573.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011793.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011883.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP18\A0011805.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011887.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011907.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011795.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP18\A0011803.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011885.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011905.inf
02906930 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011903.inf
02906931 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\Documents and Settings\Administrator\Local Settings\Temp\bm.dll
02906931 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP534\A0470251.dll
02906932 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009578.exe
02906932 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011908.exe
02906933 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\Documents and Settings\Administrator\Local Settings\Temp\jkero.dll
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\rtnlpipu.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011794.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP18\A0011802.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011906.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011886.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011884.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP18\A0011804.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No F:\rtnlpipu.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009572.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011792.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009574.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011882.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011904.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011902.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011790.exe
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP18\A0011800.com
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011909.exe
02906934 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\rtnlpipu.com
02906935 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011791.dll
02906935 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012014.dll
02906935 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011897.dll
02906935 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011910.dll
02906936 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\WINDOWS\system32\tavo1.dll
02906936 W32/Lineage.HUZ.worm Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009564.dll
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP12\A0009615.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP11\A0009601.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP5\A0005030.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\WINDOWS\system32\winivstr.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009562.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP12\A0009686.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP16\A0010712.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP4\A0004030.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP534\A0470255.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009518.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP16\A0010723.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP19\A0011901.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP17\A0011748.exe
02907453 Application/WinReanimator Spyware No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP10\A0009586.exe
02908018 Cookie/WinReanimator TrackingCookie No 0 Yes No E:\Documents and Settings\Adib\Cookies\adib@winreanimator[1].txt
02910707 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhf.dll.vir
02910707 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460697.dll
02913521 Adware/UltimateDefender Adware No 0 Yes No E:\sysivsl.exe
02917642 Generic Malware Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Administrator.PPC1\My Documents\vrg_setup.exe.vir[vrsvc.exe]
02917642 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP441\A0457571.exe[vrsvc.exe]
02918031 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\byxxwxy.dll.vir
02918031 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460695.dll
02919874 Generic Malware Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Administrator.PPC1\My Documents\vrg_setup.exe.vir[vrext.dll]
02919874 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP441\A0457571.exe[vrext.dll]
02928117 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460629.dll
02929194 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460628.dll
02929573 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460630.dll
02936413 W32/Lineage.IGF Virus No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012021.exe
02936416 W32/Lineage.IGF Virus No 0 Yes No E:\Documents and Settings\Adib\Local Settings\Temp\tru1.tmp
02936418 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP534\A0470250.dll
02936432 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012023.dll
02936435 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012022.dll
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460618.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012911.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012915.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460617.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP457\A0460619.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012913.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No E:\WINDOWS\system32\kavo.exe
02937095 W32/Lineage.IGW Virus No 0 Yes No E:\WINDOWS\system32\tavo.exe
02937101 W32/Lineage.IGW.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP534\A0470253.dll
02937104 W32/Lineage.IGW.worm Virus/Worm No 0 Yes No E:\WINDOWS\system32\tavo0.dll
02937104 W32/Lineage.IGW.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012910.dll
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No F:\gsxlexd.cmd
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012015.cmd
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No G:\gsxlexd.cmd
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012013.exe
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No F:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012019.cmd
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No G:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012017.cmd
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP534\A0470258.cmd
02937165 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No E:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP534\A0470254.dll
02937205 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP458\A0460694.dll
02937231 W32/Lineage.IGW.worm Virus/Worm No 0 Yes No E:\Documents and Settings\Adib\Local Settings\Temp\tru2.tmp
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005115.dll
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009498.dll
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009565.dll
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009519.dll
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005130.dll
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP9\A0009476.dll
02941012 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP7\A0005100.dll
02942184 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\WINDOWS\system32\kavo0.dll
02942184 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\WINDOWS\system32\kavo1.dll
;===================================================================================================
SUSPECTS
Sent Location
;===================================================================================================
VULNERABILITIES
Id Severity Description
108742 MEDIUM MS06-006
;===================================================================================================
Attached Files
File Type: txt kaspersky anti-virus log.txt (353.4 KB, 2 views)
05-18-2008, 04:31 AM   #6
Moderator, Analyst, Security Team
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,484
OS: XP Home SP3, XP Media Center Edition SP3


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Hi,

It appears that you've used Combofix. On whose advice did you do that? Combofix is a very powerful tool. If used without the supervision of a trained analyst, it can render the system unbootable.
Please delete the previous copy of the combofix.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. The report will be saved at the following location:
C:\ComboFix.txt

==================================

Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.

Please include the following reports for further review, so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

05-18-2008, 06:36 PM   #7
Registered User
 
Join Date: Apr 2008
Posts: 23
OS: xp sp2


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Yes. Previously there was an analyst from this security team who helped me with this system. Anyway, here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:13, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1209869791062
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210411885625
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sg.muhammadiyah.intra
O17 - HKLM\Software\..\Telephony: DomainName = sg.muhammadiyah.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sg.muhammadiyah.intra
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 4034 bytes
Attached Files
File Type: txt ComboFix.txt (384.0 KB, 2 views)
05-18-2008, 08:50 PM   #8
Moderator, Analyst, Security Team
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,484
OS: XP Home SP3, XP Media Center Edition SP3


Re: PC Critical condition. Couldn't open anti-v program. Couldn't install dss.exe

Hi cableguy,

Quote:
Previously there was an analyst from this security team who helped me with this system.
Can you give me the link please. I cannot seem to find it.

=======================================

It's surprising that the HijackThis log is clean. You don't have a running AntiVirus. That's a problem.

Download one of these (free for personal use) anti-virus programs RIGHT NOW, update it and run a full scan. Have it fix anything it finds.

AntiVir Free from here : http://www.free-av.com/
Grisoft AVG from here : http://free.grisoft.com/doc/1
Avast Home Edition from here : http://www.avast.com/eng/down_home.html

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

=======================================
  • Open notepad (Start>All programs>accessories>notepad )
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
(It must be notepad, not wordpad, or it won't work):

Code:
File::

E:\Documents and Settings\Administrator\Local Settings\Temp\bm.dll
E:\Documents and Settings\Administrator\Local Settings\Temp\jkero.dl
E:\Documents and Settings\Administrator\Local Settings\Temp\set2.tmp
E:\gsxlexd.cmd
E:\rtnlpipu.com
E:\sysivsl.exe
E:\WINDOWS\system32\kavo.exe
E:\WINDOWS\system32\kavo0.dll
E:\WINDOWS\system32\kavo1.dl
E:\WINDOWS\system32\tavo.exe
E:\WINDOWS\system32\tavo0.dll
E:\WINDOWS\system32\univrs32.dat
E:\WINDOWS\system32\winivstr.exe
G:\gsxlexd.cmd
G:\rtnlpipu.com
F:\gsxlexd.cmd
F:\rtnlpipu.com
E:\Documents and Settings\Adib\Local Settings\Temp\tru1.tmp
E:\Documents and Settings\Adib\Local Settings\Temp\tru2.tmp
E:\Documents and Settings\Adib\Local Settings\Temp\tru3D.tmp
E:\Documents and Settings\Adib\Local Settings\Temp\tru3E.tmp



Folder::
F:\found.001
Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
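The Panda ActiveScan report in post #5 and the hand-written CFScript in post #8 are two ends of the same triage step: most of the hits are archived copies under System Volume Information\_restore{...}, which are inert until a restore point is applied, while the live infection is the handful of files under WINDOWS\system32, the user's Temp folder, and the roots of drives E:, F: and G:. The Python below is an added example, not code from the thread or from Panda or ComboFix. It parses detection lines in the exact layout shown in the report, separates live files from restore-point copies, and emits a "File::" section in the shape the analyst built by hand. Assumptions: only the id, detection name, category and path columns are used (the three Yes/No flags and the count are not documented on the page); the sample lines are copied from the posted report; and the output is a starting point for an analyst to review, not something to feed to ComboFix unsupervised, for the reasons the moderator gives in post #6.

```python
"""Triage helper for a Panda ActiveScan report (added example, not from the thread).

Parses detection lines in the format shown in the report above, separates live
files from inert copies inside System Restore points, and emits a CFScript-style
'File::' section for the live ones. Column meanings other than id, detection
name, category and path are not documented on the page and are not used.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: detection lines copied from the report posted above.
SAMPLE_REPORT = r"""
02919874 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{DC04EF94-E5F5-4E95-9122-A36A9735AB63}\RP441\A0457571.exe[vrext.dll]
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{B11E8933-832A-4A2A-A722-FD1342D848DD}\RP20\A0012911.bat
02936957 Trj/Lineage.IGU Virus/Trojan No 0 Yes No E:\WINDOWS\system32\kavo.exe
02937095 W32/Lineage.IGW Virus No 0 Yes No E:\WINDOWS\system32\tavo.exe
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No F:\gsxlexd.cmd
02937164 W32/Lineage.IGF.worm Virus/Worm No 0 Yes No G:\gsxlexd.cmd
02937231 W32/Lineage.IGW.worm Virus/Worm No 0 Yes No E:\Documents and Settings\Adib\Local Settings\Temp\tru2.tmp
02942184 Trj/Lineage.BZE Virus/Trojan No 1 Yes No E:\WINDOWS\system32\kavo0.dll
"""

# id, detection name (may contain spaces, e.g. "Generic Malware"), category,
# three flag/count columns, then a Windows path. The lazy name group lets the
# anchored tail decide where the name ends.
LINE_RE = re.compile(
    r"^(\d+)\s+(.+?)\s+(\S+)\s+(?:Yes|No)\s+\d+\s+(?:Yes|No)\s+(?:Yes|No)\s+([A-Za-z]:\\.*)$"
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    panda_id: str
    name: str
    category: str
    path: str

    @property
    def in_restore_point(self) -> bool:
        """Copy archived by System Restore: harmless until a restore is applied."""
        return RESTORE_RE.search(self.path) is not None

    @property
    def at_drive_root(self) -> bool:
        """File sitting directly in a volume root, e.g. F:\\gsxlexd.cmd."""
        drive, _, rest = self.path.partition(":\\")
        return len(drive) == 1 and rest != "" and "\\" not in rest

    @property
    def container_member(self) -> Optional[str]:
        """Inner name when Panda reports a hit inside a container: 'outer.exe[inner.dll]'."""
        m = re.search(r"\[([^\]]+)\]$", self.path)
        return m.group(1) if m else None


def parse_report(text: str) -> list:
    """Return one Detection per well-formed line; headers and separators are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(*m.groups()))
    return found


def split_live(dets):
    """Split into (live files, restore-point copies), preserving report order."""
    live = [d for d in dets if not d.in_restore_point]
    archived = [d for d in dets if d.in_restore_point]
    return live, archived


def count_by_name(dets) -> Counter:
    """How many hits each detection name produced, live and archived alike."""
    return Counter(d.name for d in dets)


def cfscript_for(live) -> str:
    """Build the 'File::' section of a CFScript from live detections.

    Container hits are reduced to the outer path, since that is the file on disk.
    Restore-point copies are refused so that System Volume Information paths never
    end up in the script by accident.
    """
    lines = ["File::"]
    for d in live:
        if d.in_restore_point:
            raise ValueError(f"restore-point copy passed to cfscript_for: {d.path}")
        lines.append(re.sub(r"\[[^\]]+\]$", "", d.path))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    live, archived = split_live(dets)
    print(f"{len(dets)} detections: {len(live)} live, {len(archived)} in restore points")
    for d in live:
        tag = "  (drive root)" if d.at_drive_root else ""
        print(f"  {d.name:24} {d.path}{tag}")
    print(cfscript_for(live))
```

Run stand-alone, the script prints the live files (flagging the two identical gsxlexd.cmd copies at the roots of F: and G:) and a File:: block that lists kavo.exe, tavo.exe, kavo0.dll and the Temp file, with every restore-point copy left out. The point of the split is the same one the analyst's CFScript makes implicitly: the live files are what must be removed to stop the infection, while the archived copies only matter if someone later rolls back to one of those restore points.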